Add Docker runner options: KVM, socket mount, and privileged mode

[depoll]

Summary

Adds three new options for Docker runner pools to support various container workloads:

New Options

1. Enable KVM (enableKvm) - Linux only

   • Mounts /dev/kvm into containers
   • Enables hardware virtualization for Android emulators, nested VMs, etc.
   • Requires KVM support on the host

2. Mount Docker Socket (enableDockerSocket)

   • Mounts /var/run/docker.sock into containers
   • Docker-out-of-Docker pattern - uses host's Docker daemon
   • Fast, shares image cache with host
   • Works on all platforms (macOS, Linux, Windows)

3. Privileged Mode (enablePrivileged)

   • Runs containers with --privileged flag
   • Enables true Docker-in-Docker (nested Docker daemon)
   • Full isolation but slower and elevated permissions

Changes

• Backend: Added new database columns with migrations, updated pool API endpoints
• Frontend: Added checkboxes in pool creation form (with help text), badges on pool cards

UI Preview

When creating a Docker pool:

• KVM checkbox only appears on Linux hosts
• Docker socket and privileged mode available on all platforms
• Warning text for privileged mode

Pool cards show badges for enabled options (KVM, Docker socket, Privileged)

Testing

• All existing tests pass
• TypeScript compiles without errors
• Build succeeds