fix: include Playwright system deps and Chromium binaries in combined image

The root Dockerfile's builder stage runs playwright install chromium
--with-deps, but these deps and the browser cache were not persisted
to the runtime stage. The scanner process could never start because
Playwright/Chromium libraries were missing.

Add the same shared-library dependencies that the standalone scanner
Dockerfile lists, copy the Chromium browser cache from the builder,
and set PLAYWRIGHT_BROWSERS_PATH so Playwright finds the browsers.

Fixes the ConnectError: the scanner can now launch Chromium and respond
to scan requests on http://127.0.0.1:8001.

Dockerfile

@@ -39,11 +39,19 @@ WORKDIR /app
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     libpq5 postgresql-client curl tini supervisor nginx \
+    libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdbus-1-3 \
+    libdrm2 libgbm1 libgtk-3-0 libnspr4 libxcomposite1 libxdamage1 \
+    libxfixes3 libxrandr2 libxshmfence1 libpango-1.0-0 libcairo2 \
+    libasound2 libatspi2.0-0 libx11-xcb1 fonts-liberation \
     && rm -rf /var/lib/apt/lists/* \
     && apt-get clean
 
-# Copy Python deps from builder
+# Copy Python deps and Playwright/Chromium browser from builder
 COPY --from=builder /install /usr/local
+COPY --from=builder /root/.cache/ms-playwright /root/.cache/ms-playwright
+
+# Tell Playwright where to find Chromium (baked from builder)
+ENV PLAYWRIGHT_BROWSERS_PATH=/root/.cache/ms-playwright
 
 # Copy application code
 COPY apps/api/src ./src