fix: use rootless podman to check conmon ownership in doctor

Critical bug: the doctor runs as root but containers are rootless
under the archipelago user. When checking if a conmon process has an
associated container, the root podman database was queried (empty),
causing ALL conmon processes to be identified as orphaned and killed.
This terminated running containers every 30 minutes.

Fix: use sudo -u archipelago to query the rootless podman database.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dorian 2026-03-30 23:22:28 +01:00
parent 768ca26e90
commit 251447b17a


@ -70,6 +70,10 @@ fix_orphaned_conmon() {
return 1
fi
# Doctor runs as root but containers are rootless under archipelago user.
# Must check container existence using the rootless podman database.
local PODMANCMD="sudo -u archipelago XDG_RUNTIME_DIR=/run/user/1000 podman"
for pid in $pids; do
# Extract container ID from conmon args
local cid
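Review bot: the new `PODMANCMD` line hardcodes `XDG_RUNTIME_DIR=/run/user/1000` independently of the `archipelago` username it is paired with. If that account's UID is ever anything other than 1000, podman will look for the rootless storage and runtime state in the wrong place, `inspect` will fail for every container, and the doctor is back to the mass-kill behaviour this commit is fixing. Derive the path from the user instead, e.g. `local uid; uid=$(id -u archipelago)` followed by `XDG_RUNTIME_DIR=/run/user/$uid`, and consider failing the check if that directory does not exist (the user has no running session or lingering is disabled) rather than proceeding to the loop.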
@ -77,8 +81,8 @@ fix_orphaned_conmon() {
if [ -z "$cid" ]; then
continue
fi
# Check if container still exists
if ! podman inspect "$cid" &>/dev/null; then
# Check if container still exists in rootless podman
if ! $PODMANCMD inspect "$cid" &>/dev/null; then
local port_info
port_info=$(ss -tlnp 2>/dev/null | grep "pid=$pid" | grep -oP ':\K\d+' | head -3 | tr '\n' ',' | sed 's/,$//')
log "Killing orphaned conmon pid=$pid (ports: ${port_info:-none})"
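Review bot: `if ! $PODMANCMD inspect "$cid" &>/dev/null` still treats any non-zero exit as "container is gone", so a sudo failure, a missing `/run/user/1000`, or a podman lock or database error would again classify every conmon as orphaned and kill it, which is exactly the failure class the commit message describes. Before the loop, confirm the rootless database is actually reachable (for example `$PODMANCMD ps -a -q >/dev/null || { log "cannot query rootless podman, skipping orphan check"; return 1; }`) and only kill when that precondition held; with stderr discarded there is otherwise no trace in the log of why the inspect failed. Separately, `$PODMANCMD` is expanded unquoted so that it word-splits into the `sudo`/env/`podman` tokens; that works here because none of the values contain whitespace, but a bash array (`PODMANCMD=(sudo -u archipelago ...)` and `"${PODMANCMD[@]}"`) would make that intent explicit and keep it safe if the path ever gains a space.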