feat: add Rocket.Chat Docker deployment with user provisioning (#147) #152

Open
t0kubetsu wants to merge 3 commits into main from feature/rocketchat-bootstrap

@t0kubetsu

Summary

Closes #147.

  • Standalone Rocket.Chat instance with MongoDB 6.0 replica set, fully Dockerized
  • Automated user provisioning (admins + regular users) via REST API
  • Personal access tokens generated for every provisioned user and written to a named volume

Changes

  • Dockerfile — Two-stage build: node:20-alpine builder (installs yq/jq, copies provisioning scripts) → rocketchat/rocket.chat:latest runtime
  • compose.yml — Four services: mongodb (replica set), mongo-init-replica (one-shot rs.initiate), rocketchat, provisioner; debug anchor included but commented out
  • provisioning/users.yml — Declarative user list (admins + regular users); passwords clearly marked for change before deploy
  • provisioning/init.sh — POSIX sh provisioner: health-wait loop, idempotency stamp, admin login, user creation via POST /api/v1/users.create, PAT generation via POST /api/v1/users.generatePersonalAccessToken (user logs in as themselves), output to /tokens/tokens.txt
  • .env.example — Template for RC_BASE_URL, RC_ADMIN_USER/PASS/EMAIL, HTTP_PORT
  • Makefile — Follows repo pattern (SERVICE=rocketchat, PROVISIONER=rocketchat-provisioner); adds tokens target to print generated PATs
  • .dockerignore — Excludes .env, *.key, *.pem, README.md from build context
  • README.md — Prerequisites, Quick Start, Build & Push, Declaring Users, Token Retrieval, API Usage Examples, Env Vars table, Troubleshooting (MongoDB replica set + provisioner auth errors)

Design Notes

  • Builder base node:20-alpine matches the official Rocket.Chat Dockerfile base; runtime is rocketchat/rocket.chat:latest (Alpine/Node)
  • ADMIN_USERNAME / ADMIN_PASS / ADMIN_EMAIL env vars trigger Rocket.Chat's built-in first-run admin creation — no setup wizard interaction needed (OVERWRITE_SETTING_Show_Setup_Wizard: completed)
  • REST API provisioning — no direct MongoDB writes; uses the stable v1 API surface
  • Idempotent: /tokens/.provisioned stamp prevents double-provisioning on container restart

Testing

  • make build-up starts all four services cleanly
  • docker logs rocketchat-mongo-init shows replica set init success
  • Rocket.Chat web UI reachable at http://localhost:3000
  • make tokens prints username:token lines for all declared users
  • Re-running provisioner with stamp present exits cleanly (idempotency)

Related Issues

t0kubetsu added 2 commits May 11, 2026 15:44
- Fix depends_on: rocketchat now waits for mongo-init-replica to complete (race condition)
- Fix replica set init: wait for PRIMARY election before exiting init container
- Fix token leak: tokens written to file only, not stdout/docker logs
- Fix make tokens: use docker run against named volume (docker exec fails on stopped container)
- Fix yq: explicitly install mikefarah/yq v4.44.1
- Fix make clean: scope to project only
- Improve MongoDB healthcheck to verify replica set status
@t0kubetsu
Author

t0kubetsu commented May 11, 2026

Code review — fixes applied

Fix commit: 22e4166

Critical fixes applied

| Finding | Fix |
|---|---|
| rocketchat started before mongo-init-replica completed — race condition causing not primary crashes | Added mongo-init-replica: condition: service_completed_successfully to rocketchat depends_on |
| mongo-init-replica exited after rs.initiate() before PRIMARY election completed | Init container now loops with rs.isMaster().ismaster check until PRIMARY is confirmed |
| Personal access tokens printed to stdout/docker logs twice (generate + summary loop) | Both stdout prints removed; tokens written to file only; summary shows make tokens instruction |
| make tokens used docker exec on stopped container | Replaced with docker run --rm -v rocketchat-tokens:/tokens alpine cat /tokens/tokens.txt |
| apk add yq may install wrong yq version | Replaced with explicit wget of mikefarah/yq v4.44.1 |
| make clean ran system-wide docker system prune | Replaced with docker compose down -v --rmi all |
| MongoDB healthcheck confirmed alive but not replica-set-ready | Healthcheck updated to rs.status().ok check |

Open items (non-blocking for lab)

  • rocketchat/rocket.chat:latest tag should be pinned — OVERWRITE_SETTING_Show_Setup_Wizard behavior may change across major versions
  • ADMIN_PASS env var fallback Admin1234! promotes bad habits — consider removing default and requiring explicit set
  • Provisioner restart: "no" means transient failures are unrecoverable; make reprovision documented as the recovery path
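
Added example, not part of this PR or its provisioning/init.sh: a POSIX sh sketch of the token-handling pattern the review describes, where tokens go to a file only, the idempotency stamp is written last, and the log line carries a count rather than token values. The function name store_tokens and the constructed "username:token" stdin format are assumptions; the tokens.txt and .provisioned file names follow the PR description.

```shell
#!/bin/sh
# Illustration only: store_tokens is a hypothetical helper, not the PR's code.
# Reads "username:token" lines on stdin and stores them in <dir>/tokens.txt.

store_tokens() {
    st_dir=$1
    st_stamp="$st_dir/.provisioned"
    st_out="$st_dir/tokens.txt"

    # Idempotency: the stamp exists only after a fully successful run.
    if [ -f "$st_stamp" ]; then
        echo "already provisioned, skipping"
        return 0
    fi

    # Subshell keeps the umask change local; 077 makes the file mode 0600.
    (
        umask 077
        st_tmp="$st_out.tmp.$$"
        : > "$st_tmp" || exit 1
        while IFS=: read -r st_user st_token; do
            # Reject malformed lines instead of writing a partial token file.
            [ -n "$st_user" ] && [ -n "$st_token" ] || { rm -f "$st_tmp"; exit 1; }
            printf '%s:%s\n' "$st_user" "$st_token" >> "$st_tmp"
        done
        # Atomic rename first, stamp last: a crash before this point leaves
        # no stamp, so the next run provisions again.
        mv "$st_tmp" "$st_out" && : > "$st_stamp"
    ) || { echo "provisioning failed, no stamp written" >&2; return 1; }

    # Log a count and a pointer only; token values never reach stdout,
    # so they do not end up in docker logs.
    st_n=$(wc -l < "$st_out" | tr -d ' ')
    echo "wrote $st_n tokens; run 'make tokens' to read them"
}
```

Because the stamp is created only after the rename succeeds, a failed run leaves nothing that would block a later reprovision.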

Development

Successfully merging this pull request may close these issues.

feat: Deploy a standalone Rocket.Chat instance (Dockerized, with users provisioned)
