fix(containerd): add pid:host for CNI netns access and runtime deps to MCP image

- Add pid: host to containerd service so server can access MCP container
  network namespaces via /proc/PID/ns/net for CNI setup
- Add Node.js, npm, Python 3, uv to embedded MCP image rootfs so users
  can run npx/uvx MCP servers inside containers

docker/Dockerfile.containerd

@@ -24,7 +24,18 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 # ---- Stage 2: Assemble MCP image rootfs ----
 FROM alpine:latest AS mcp-rootfs
 
-RUN apk add --no-cache grep
+# Base utilities
+RUN apk add --no-cache grep curl bash
+
+# Node.js + npm (provides npx for JS/TS MCP servers)
+RUN apk add --no-cache nodejs npm
+
+# Python 3 + uv (provides uvx for Python MCP servers)
+RUN apk add --no-cache python3 && \
+    curl -LsSf https://astral.sh/uv/install.sh | sh && \
+    ln -sf /root/.local/bin/uv /usr/local/bin/uv && \
+    ln -sf /root/.local/bin/uvx /usr/local/bin/uvx
+
 COPY --from=mcp-builder /out/mcp /opt/mcp
 COPY cmd/mcp/template /opt/mcp-template