Release v0.4.0 — per-run target URL override across REST/CLI/web/client

feat(reporting): add regulatory compliance section to HTML and JSON r…

…eports

fix(release): use correct Docker Hub repo nickcrew/crucible

The Docker Hub repository is nickcrew/crucible, not atlascrew/crucible.
Update the workflow image target and all documentation references.

fix(docker): add build toolchain to builder stage for pnpm deploy

pnpm deploy re-runs lifecycle scripts including node-gyp rebuild for
node-pty, so the builder stage also needs python3, make, and g++.
Bump to 0.2.3 for release.

chore(crucible): bump to 0.2.2 for Docker fix release

fix(crucible): add repository url for npm provenance verification

The npm provenance check requires repository.url to match the GitHub
Actions OIDC source. Bump to 0.2.1 since 0.2.0 provenance was already
logged to the Sigstore transparency log.

feat(ci): add npm publish job with environment secrets and migrate Do…

…cker to DockerHub

Add npm publish job to release workflow with environment: npm for
secret access. Migrate Docker image target from GHCR to DockerHub.
Add build:release validation step to CI pipeline.

fix(ci): bump TypeScript to 5.8.3 across all packages

@vitejs/plugin-react@5.1.4 emits `as "module.exports"` in its .d.ts
which requires TS 5.8+ to parse. Pin all packages to 5.8.3 to resolve
parse errors during type-check in CI. Also updates README.