Fix Docker volume permissions for /data (SQLite)

Add su-exec to runner stage, run entrypoint as root to chown /data,
then drop to nextjs user for migrations and app start. Fixes permission
denied errors when Docker volume is mounted as root.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docker-entrypoint.sh

@@ -1,11 +1,14 @@
 #!/bin/sh
 set -e
 
-# Run Prisma migrations on every startup (idempotent)
+# Fix /data permissions — Docker volumes are mounted as root by default
+chown -R nextjs:nodejs /data
+
+# Run Prisma migrations as nextjs user
 echo "Running database migrations..."
 DATABASE_URL="${DATABASE_URL:-file:/data/leadflow.db}" \
-  node node_modules/prisma/build/index.js migrate deploy \
+  su-exec nextjs node node_modules/prisma/build/index.js migrate deploy \
   --schema ./prisma/schema.prisma 2>&1 || echo "Migration warning (may already be up to date)"
 
 echo "Starting LeadFlow..."
-exec node server.js
+exec su-exec nextjs node server.js