Add containerized agent execution with Apple Container

- Agents run in isolated Linux VMs via Apple Container
- All groups get Bash access (safe - sandboxed in container)
- Browser automation via agent-browser + Chromium
- Per-group configurable additional directory mounts
- File-based IPC for messages and scheduled tasks
- Container image with Node.js 22, Chromium, agent-browser

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/types.ts

@@ -1,8 +1,21 @@
+export interface AdditionalMount {
+  hostPath: string;      // Absolute path on host (supports ~ for home)
+  containerPath: string; // Path inside container (under /workspace/extra/)
+  readonly?: boolean;    // Default: true for safety
+}
+
+export interface ContainerConfig {
+  additionalMounts?: AdditionalMount[];
+  timeout?: number;  // Default: 300000 (5 minutes)
+  env?: Record<string, string>;
+}
+
 export interface RegisteredGroup {
   name: string;
   folder: string;
   trigger: string;
   added_at: string;
+  containerConfig?: ContainerConfig;
 }
 
 export interface Session {