feat: add HERMES_DOCKER_BINARY env var override for docker backend

[alanjds]

What does this PR do?

Adds a HERMES_DOCKER_BINARY environment variable that lets users specify an alternative container runtime binary without touching PATH or creating symlinks.

Use case: Users running Podman instead of Docker (e.g. on immutable Linux distros like Bazzite, or inside a Distrobox container where Docker's storage driver is broken) can now set:

HERMES_DOCKER_BINARY=/usr/local/bin/podman

in ~/.hermes/.env and the terminal backend will use it transparently.

How it works

find_docker() in tools/environments/docker.py now checks HERMES_DOCKER_BINARY first, before any PATH resolution via shutil.which(). If the value is set but the path is invalid or not executable, it falls through silently to the existing logic — no behavior change for users who don't set it.

Tested on

• Host OS: Bazzite Linux (immutable, rpm-ostree based)
• Agent runtime: Ubuntu Distrobox container
• Alternative runtime: Podman /usr/local/bin/podman
• Docker's storage driver (fuse-overlayfs and overlay2) both fail on this setup; Podman works with no issues so far using this override.

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• tools/environments/docker.py: add HERMES_DOCKER_BINARY env var check at the top of find_docker()

How to Test

1. Set HERMES_DOCKER_BINARY=/usr/local/bin/podman in ~/.hermes/.env
2. Set TERMINAL_ENV=docker and start a Hermes session
3. Run a terminal command -- it should execute inside a Podman container instead of Docker
4. To verify the fallthrough: set HERMES_DOCKER_BINARY=/nonexistent/path -- Hermes should fall back to resolving docker from PATH as normal

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: Bazzite Linux w/ Distrobox Ubuntu 24.04

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

[teknium1]

Merged via PR #10066 which incorporates your HERMES_DOCKER_BINARY env var approach along with entrypoint fixes for rootless Podman. Your work is credited in the commit message. Thanks @alanjds!