Fix rootless podman permissions in rift compose

Run containers as user 0:0 (root inside container = kyle on host
via rootless podman UID mapping). This allows the container process
to read /srv/metacrypt/ files owned by kyle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

deploy/docker/docker-compose-rift.yml

@@ -5,6 +5,9 @@ services:
       dockerfile: Dockerfile.api
     container_name: metacrypt
     restart: unless-stopped
+    # Run as root inside container — rootless podman maps this to the
+    # host user (kyle), so files in /srv/metacrypt/ are accessible.
+    user: "0:0"
     ports:
       - "127.0.0.1:18443:8443"
       - "127.0.0.1:19443:9443"
@@ -23,6 +26,7 @@ services:
       dockerfile: Dockerfile.web
     container_name: metacrypt-web
     restart: unless-stopped
+    user: "0:0"
     ports:
       - "127.0.0.1:18080:8080"
     volumes: