feat(01-01): create multi-stage Dockerfile

- Multi-stage build using golang:1.25-bookworm and debian:bookworm-slim
- CGO_ENABLED=0 for static binary compilation
- Cross-platform support via TARGETOS/TARGETARCH
- Non-root user (appuser) for security
- Data volume mount at /data
- Port 32768 exposed
- .dockerignore excludes build artifacts and planning docs

docker/Dockerfile

@@ -0,0 +1,37 @@
+# Build stage - use native platform for fast builds
+FROM --platform=$BUILDPLATFORM golang:1.25-bookworm AS builder
+
+WORKDIR /build
+
+# Cache dependencies separately from source code
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build for target platform with static binary
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go build -ldflags="-w -s" -o /server ./cmd/server
+
+# Runtime stage - debian slim for debugging capability
+FROM debian:bookworm-slim
+
+# Create non-root user for security
+RUN useradd -u 10001 -m appuser
+
+# Switch to non-root user
+USER appuser
+
+# Copy binary from build stage
+COPY --from=builder /server /usr/local/bin/server
+
+# Declare data volume mount point
+VOLUME /data
+
+# Expose application port
+EXPOSE 32768
+
+# Run the server
+CMD ["server"]