
Decouple corepack enable from the runner chmod in the Dockerfile template #53

Merged
chiro-hiro merged 2 commits into orochi-network:main from chiro-hiro:fix/decouple-corepack-from-chmod
Jun 4, 2026

@chiro-hiro

Contributor

Problem

Closes #44.

The runner-stage chmod in Dockerfile.template chained corepack enable onto its tail through a template variable whose value was the literal shell operator " && corepack enable":

chmod -R 750 ${RUNNER_WORKDIR}{{corepack_enable}}

Embedding a shell operator inside a template variable couples shell control flow to the templating layer, and the {{corepack_enable}} placeholder was concatenated directly onto the chmod with no separation boundary. Both previously-open branches independently removed this pattern, which suggests it was recognised as fragile.

Fix

corepack enable is now emitted as its own RUN layer:

  • COREPACK_ENABLE holds only the command (corepack enable), no shell operator.
  • New generate_corepack_run() helper emits a dedicated RUN corepack enable (with a comment) when the template requires it.
  • New {{corepack_run}} multi-line placeholder; the runner chmod stands alone.
  • {{corepack_enable}} and its perl substitution are removed.

Behaviour is unchanged: node/next still enable corepack (now in a clean dedicated layer), nginx still emits none.

Generated node runner stage (after)

RUN mkdir -p ${RUNNER_WORKDIR} && \
  chown -R node:node ${RUNNER_WORKDIR} && \
  chown -R node /home/node && \
  chmod -R 750 ${RUNNER_WORKDIR}

# Enable corepack to manage the project's package manager
RUN corepack enable

Verification

  • shellcheck dockerfile.sh — no findings
  • --dry-run for node, next, nginx all generate valid Dockerfiles; corepack appears as a standalone RUN for node/next and is absent for nginx; no stray blank lines

…late

The runner-stage chmod command piggybacked corepack enable onto its tail via
a COREPACK_ENABLE template variable whose value was the literal shell operator
" && corepack enable". Embedding a shell operator inside a template variable
coupled shell control flow to templating and left the {{corepack_enable}}
placeholder concatenated directly onto the chmod with no separation boundary.

Emit corepack enable as its own RUN layer instead, via a new generate_corepack_run()
helper and a {{corepack_run}} placeholder. COREPACK_ENABLE now holds only the
command ("corepack enable"), and the runner chmod stands alone. Behaviour is
unchanged: node/next still enable corepack (now in a dedicated RUN), nginx still
emits none.

Closes orochi-network#44
@chiro-hiro chiro-hiro force-pushed the fix/decouple-corepack-from-chmod branch from 107170a to e9dc5ba Compare June 4, 2026 10:11
@chiro-hiro chiro-hiro merged commit 544934f into orochi-network:main Jun 4, 2026
4 checks passed
@chiro-hiro chiro-hiro deleted the fix/decouple-corepack-from-chmod branch June 4, 2026 10:13
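
The separation this pull request describes, together with its verification step (corepack as a standalone RUN for node/next, absent for nginx), written as a small shell check. This is an added sketch, not code from dockerfile.sh or the pull request: the function names `value_is_plain_command`, `corepack_run_block`, `render_runner_stage` and `corepack_is_standalone` are hypothetical, and the runner stage is reduced to its chmod line.

```shell
#!/bin/sh
# Added sketch; not the project's dockerfile.sh. All function names are hypothetical.

# The template value is a bare command with no shell control operator.
COREPACK_ENABLE="corepack enable"

# Reject a template value that carries shell control flow (&, &&, |, ||, ;).
value_is_plain_command() {
  case "$1" in
    *'&'* | *'|'* | *';'*) return 1 ;;
    *) return 0 ;;
  esac
}

# Emit a dedicated RUN layer for templates that need corepack, nothing for nginx.
corepack_run_block() {
  case "$1" in
    node | next)
      value_is_plain_command "$COREPACK_ENABLE" || return 1
      printf '%s\n' "# Enable corepack to manage the project's package manager"
      printf 'RUN %s\n' "$COREPACK_ENABLE"
      ;;
    nginx) ;;
    *) return 2 ;;   # unknown template name
  esac
}

# Render a simplified runner stage: the chmod stands alone and the corepack
# layer, when present, follows as a separate instruction.
render_runner_stage() {
  block=$(corepack_run_block "$1") || return $?
  # Single quotes on purpose: ${RUNNER_WORKDIR} is expanded by Docker, not here.
  printf '%s\n' 'RUN chmod -R 750 ${RUNNER_WORKDIR}'
  if [ -n "$block" ]; then
    printf '\n%s\n' "$block"
  fi
}

# Regression check on generated text: outside comments, corepack may only
# appear as the exact line "RUN corepack enable", never chained onto a command.
corepack_is_standalone() {
  printf '%s\n' "$1" | grep 'corepack' | grep -v '^#' \
    | grep -qv '^RUN corepack enable$' && return 1
  return 0
}

render_runner_stage node
```

Running `corepack_is_standalone` over each `--dry-run` output in CI would fail the build if a chained `&& corepack enable` were reintroduced.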

Development

Successfully merging this pull request may close these issues.

dockerfile.sh: COREPACK_ENABLE template variable embeds shell operator (&&)