fix: run nginx as root, Honcho as app user (was running as app, nginx can't create runtime dirs)

ai/honcho/Dockerfile

@@ -60,10 +60,13 @@ RUN rm -f /etc/nginx/sites-enabled/default
 
 RUN groupadd --system app && \
     useradd --system --gid app --create-home app && \
-    chown -R app:app /app /usr/share/nginx/html
-
-USER app
+    chown -R app:app /app /usr/share/nginx/html && \
+    # nginx runtime dirs need to exist for non-root master? Actually master is root, just ensure /var/lib/nginx exists
+    mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \
+    chown -R root:root /var/lib/nginx && \
+    chmod 755 /var/lib/nginx
 
 EXPOSE 80
 
-CMD ["sh", "-c", "nginx && exec fastapi run --host 127.0.0.1 --port 8000 src/main.py"]
+# nginx runs as root (needed for port 80 + runtime dirs), Honcho runs as app user
+CMD ["sh", "-c", "nginx && exec su -s /bin/sh app -c 'fastapi run --host 127.0.0.1 --port 8000 src/main.py'"]