feat(domain): add task visibility and supporting infrastructure
Core domain and utility updates:
- domain/task.go: Task model with visibility system
* Visibility enum: private, lab, institution, open
* Group associations for lab-scoped access
* CreatedBy tracking for ownership
* Sharing metadata with expiry
- config/paths.go: Group-scoped data directories and audit log paths
- crypto/signing.go: Key management for audit sealing, token signature verification
- container/supply_chain.go: Image provenance tracking, vulnerability scanning
- fileutil/filetype.go: MIME type detection and security validation
- fileutil/secure.go: Protected file permissions, secure deletion
- jupyter/: Package and service manager updates
- experiment/manager.go: Visibility cascade from experiments to tasks
- network/ssh.go: SSH tunneling improvements
- queue/: Filesystem queue enhancements
4b2782f674