docker-securitylisted

# Docker Security Advanced hardening for already-deployed hermit containers. Each toggle is opt-in, presented with honest cost/benefit framing, and applied as a `docker-compose.security.yml` overlay that the `hermit-docker` wrapper auto-detects. Reversal: re-run and answer No to every prompt, or delete `docker-compose.security.yml` directly. **Tone:** Honest about tradeoffs. Tell operators what each toggle does AND does not protect. Do not oversell. **Important:** Run all checks and commands sequentially — do not use parallel tool calls. Templates live in `${CLAUDE_SKILL_DIR}/../../state-templates/docker/security/`. ## Trust model framing (read to operator at the start of step 2) > Installing a plugin runs that plugin's hooks and skills with the same authority as hermit. The container hardening here reduces what a *compromised* plugin can do to the host kernel and your local network — it does not vet the plugin's intent, sandbox its file access within the project, or prevent it from acting on your behalf via the agent. A malicious or careless plugin still runs as you. > > **Honest limitation:** DNS policy below blocks domain-based exfil/C2 but cannot stop direct-IP egress to a hardcoded public address. A future release may add nftset-driven IP allowlisting. ## Plan ### 0. Refuse to run inside the hermit container This skill is host-only — it writes a `docker-compose.security.yml` overlay on the host and recreates the container with stronger isolation. Run: `[ -f /.d