fix: create /data/claude-tenants dir with appuser ownership in Dockerfile

Without this, the SDK engine fails to create tenant HOME directories
because the Docker volume mount point doesn't exist and appuser lacks
write permissions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Dockerfile.service

@@ -81,7 +81,8 @@ WORKDIR /app/packages/services/${SERVICE_NAME}
 
 # Run as non-root user (required for SDK bypassPermissions mode)
 RUN adduser -D -h /home/appuser appuser && \
-    chown -R appuser:appuser /app
+    mkdir -p /data/claude-tenants && \
+    chown -R appuser:appuser /app /data/claude-tenants
 USER appuser
 
 ARG SERVICE_PORT=3000