Add Docker dev env with optional Ollama

[AnaBerg]

Summary

Adds a local Docker dev environment with optional Ollama support while keeping external LLM providers easy to use for stronger model testing.

What changed

• Adds Ollama to the dev Compose stack with persistent model storage and a make dev-ollama-pull helper.
• Updates the dev hub config example and Docker docs for local-only Ollama testing and external-provider testing.
• Supports ollama across hub-side AI config, streaming, failure summaries, settings, and doctor checks.
• Uses OpenClaw native Ollama onboarding for Docker agents with http://ollama:11434 and strips the ollama/ model prefix.
• Stabilizes Docker agent bootstrap by waiting for workspace files before starting OpenClaw bootstrap work.
• Pins OpenClaw consistently and fails the agent image build if the pinned install fails.
• Adds focused tests for Ollama provider selection, doctor checks, bootstrap flags/config, Docker copy behavior, and settings display.

Validation

• docker run --rm -e GOFLAGS=-buildvcs=false -v "$PWD":/app -w /app golang:1.25 go test ./cmd/claw-bridge ./pkg/provider/docker ./pkg/hub ./pkg/types
• docker compose -f docker/compose.dev.yml config
• make dev-agent-build

npm run lint was also attempted, but it currently fails on existing repo-wide React hook lint errors unrelated to this change.

Linked issue

Closes #328

[greptile-apps]

Security Review

• Secrets in Docker build cache (.dockerignore): docker/hub.dev.yaml — which holds real API keys for local development — is absent from .dockerignore. The agent Dockerfile's COPY . . builder stage sends the file to the Docker daemon and caches it in the intermediate builder image layer. While multi-stage builds prevent it from landing in the final image, the builder layer is stored locally and could expose secrets if the build cache is exported, shared in CI, or if someone runs docker save on it.

_{Reviews (1): Last reviewed commit: "fix: replace Ollama catalog patch script..." | Re-trigger Greptile}

[greptile-apps]

_{Reviews (2): Last reviewed commit: "fix: address Docker dev review findings" | Re-trigger Greptile}