fix(infra): point meshai container DNS at LXC working resolver

The meshai container could not resolve external HTTP hostnames (NWS
api.weather.gov, SWPC services.swpc.noaa.gov, and the meshview mesh
source), failing every poll with "[Errno -3] Temporary failure in name
resolution". Docker's embedded resolver (127.0.0.11) forwards to the
daemon default upstreams 1.1.1.1/8.8.8.8, which are unreachable from
this container's NAT egress (the same egress filter that blocks Docker
Hub). The radio link was unaffected because it is an IP, not a hostname.

Fix: pin the meshai service to dns: [100.100.100.100], the LXC host's
own working resolver (Tailscale MagicDNS). The LXC's /etc/resolv.conf
uses only 100.100.100.100 and resolves the public feeds fine, and it
forwards public queries upstream. A preflight `docker run --dns=
100.100.100.100 ... getent hosts api.weather.gov` resolved successfully
from the docker bridge, confirming the container can reach MagicDNS.

Chosen over network_mode: host (more invasive, needs port-binding
review) and a host-side daemon.json dns key (affects all containers,
lives outside git). This directive is in-repo, git-tracked, and survives
daemon reloads.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.yml

@@ -27,6 +27,13 @@ services:
     container_name: meshai
     restart: unless-stopped
 
+    # Resolve external HTTP feeds via the LXC host's working resolver
+    # (Tailscale MagicDNS, 100.100.100.100). The Docker daemon default
+    # of 1.1.1.1/8.8.8.8 is unreachable from this container's NAT egress,
+    # which silently broke NWS/SWPC/meshview hostname resolution.
+    dns:
+      - 100.100.100.100
+
     # Uncomment for USB serial connection to Meshtastic device
     # devices:
     #   - /dev/ttyUSB0:/dev/ttyUSB0