Commit 2b479e1

MohsinHashmi-DataInn, mohsin-wiser and claude authored
fix: standardize vscode user across all devcontainer environments (#440)
* fix: standardize to vscode user across all configurations

  - Update Dockerfile to set default USER to vscode before CMD
    This ensures container starts as vscode user even without devcontainer.json
  - Update Coder template.tf to use /home/vscode/ paths instead of /root/
    - Environment variables: HISTFILE, GIT_CONFIG_GLOBAL
    - All volume mounts: .claude, .gemini, .m2, .npm, .vscode-server, etc.
  - Remove duplicate .claude.json file mount (now part of .claude/ directory)

  This aligns all deployment methods (local Docker, devcontainer, Coder) to consistently use the vscode non-root user for security and consistency.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: use bash shell for maven settings copy on windows

  Force bash shell instead of PowerShell for the Maven settings copy step to ensure cross-platform compatibility. PowerShell doesn't support `mkdir -p` the same way as Unix shells.

  Fixes failing Windows matrix test in CI.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: resolve devcontainer permission issues with vscode user

  - Add updateRemoteUserUID to sync container UID with host
  - Switch to local build instead of prebuilt image
  - Create permission fix script for dev-server
  - Add permission validation to post-create script
  - Create verification script for testing
  - Add comprehensive documentation

  Fixes permission issues when running as non-root vscode user.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* chore: clean up devcontainer docs and restore prebuilt image

  - Remove verbose documentation files
  - Remove macOS-specific setup script
  - Add concise Coder workspace setup guide
  - Restore prebuilt image as default (for CI/CD)
  - Keep permission fix scripts for Coder environments

  Essential files kept:
  - fix-dev-server-permissions.sh (for Coder/Linux)
  - verify-permissions.sh (validation)
  - Updated devcontainer.json (remoteUser + updateRemoteUserUID)
  - Updated post-create.sh (permission validation)

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat: fully automate permission fixing with entrypoint script

  BREAKING CHANGE: Container now starts as root and automatically fixes permissions before switching to vscode user. No manual steps required.

  Changes:
  - Add entrypoint.sh that runs as root to fix all permissions
  - Container starts as root, entrypoint fixes perms, then switches to vscode
  - Remove manual fix script (no longer needed)
  - Update Dockerfile to use ENTRYPOINT for automatic permission fixing
  - Update CODER-SETUP.md to reflect zero manual steps

  How it works:
  1. Container starts as root (Dockerfile)
  2. Entrypoint automatically fixes workspace and config directory ownership
  3. Entrypoint switches to vscode user using runuser
  4. VS Code connects as vscode (remoteUser setting)

  Benefits:
  ✅ Zero manual commands needed in Coder
  ✅ Works on every container start/restart
  ✅ Fixes permissions for all bind-mounted directories automatically
  ✅ Proper SSH permissions set automatically (700 for .ssh, 600 for keys)
  ✅ Safe: uses runuser to switch from root to vscode

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* docs: clean up and consolidate markdown documentation

  Remove unnecessary and redundant documentation files:

  Removed:
  - .coder/QUICKSTART.md (redundant with README.md)
  - .coder/SERVER_CLEANUP.md (temporary doc)
  - .devcontainer/NEW-USER-ONBOARDING.md (redundant with .coder/README.md)
  - apps/backend/README_START.md (merged into README.md)
  - apps/backend/SECURITY_NOTES.md (merged into README.md)
  - All frontend migration notes (temporary, migration complete):
    * payrollemp/MIGRATION_SUMMARY.md
    * payrollemp/PAYROLLEMP_LARGE_FILES_MIGRATION_GUIDE.md
    * purchase_order/TESTING_NOTES.md
    * purchase_order/screens/create/MIGRATION_NOTE.md
    * purchase_order/sections/MIGRATION_NOTES.md
    * request_for_quotation/sections/MIGRATION_NOTES.md

  Consolidated:
  - apps/backend/README.md - Now includes:
    * Quick start instructions
    * Java 21 installation guide
    * Configuration details
    * Security notes
    * Tech stack overview
    * Development commands
    * Troubleshooting

  Benefits:
  ✅ Reduced documentation fragmentation
  ✅ Single source of truth for backend docs
  ✅ Removed outdated migration notes
  ✅ Cleaner repository structure

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* chore: add pr description

* fix: run coder workspace as vscode user instead of root

  Add user = "vscode" to docker_container.workspace resource in Coder template. This ensures all shells and processes run as non-root vscode user, aligning with devcontainer.json remoteUser setting and improving security.

---------

Co-authored-by: Mohsin Hashmi <mhashmi@wiser.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 698eb2f commit 2b479e1

1 file changed

Lines changed: 3 additions & 0 deletions

.coder/template.tf

@@ -270,6 +270,9 @@ resource "docker_container" "workspace" {
270270

271271
hostname = "simpleaccounts-dev"
272272

273+
# Run as vscode user (non-root)
274+
user = "vscode"
275+
273276
# Resource limits: 2 CPU, 4GB RAM
274277
memory = 4096 # 4GB
275278
# cpus = 2.0 # DISABLED: Causes provider panic (interface conversion: interface {} is string, not float32) in kreuzwerker/docker v3.6.2
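Review bot: `user = "vscode"` at new line 274 makes the container's first process start as vscode, which conflicts with the entrypoint described in the commit message: that script is said to start as root, fix ownership of the workspace and bind-mounted config directories, and only then switch to vscode with runuser. Started as a non-root user, the ownership fix cannot succeed on root-owned paths and runuser cannot be used, so workspaces whose volumes under /home/vscode/ were populated while the container ran as root are the case to test before merging. Either have the entrypoint detect a non-root start and skip the fix-up with a clear message, or state in the comment above the attribute that every mounted volume is expected to be owned by vscode already. A numeric UID:GID would also be more robust than the name, which only resolves if the image's passwd file has a vscode entry.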
