fix: address review — move LOGFILE to tmpfs, add CapDrop check (#706)

LOGFILE=/var/chat/chat.log is unwritable on read-only rootfs; move to
/tmp/chat.log (tmpfs-backed). Add CapDrop=ALL assertion to verify script
so removing cap_drop from compose is caught.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docker/chat/entrypoint-chat.sh

@@ -6,7 +6,7 @@ set -euo pipefail
 # Exec-replace pattern: this script is the container entrypoint and runs
 # the server directly (no wrapper needed). Logs to stdout for docker logs.
 
-LOGFILE="/var/chat/chat.log"
+LOGFILE="/tmp/chat.log"
 
 log() {
     printf '[%s] %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S UTC')" "$*" | tee -a "$LOGFILE"

tools/edge-control/verify-chat-sandbox.sh

@@ -39,6 +39,14 @@ else
     fail "CapAdd expected null, got $cap_add"
 fi
 
+# CapDrop — should contain ALL
+cap_drop=$(echo "$inspect_json" | python3 -c "import sys,json; caps=json.load(sys.stdin)[0]['HostConfig']['CapDrop'] or []; print(' '.join(caps))")
+if echo "$cap_drop" | grep -q "ALL"; then
+    pass "CapDrop contains ALL"
+else
+    fail "CapDrop expected ALL, got: $cap_drop"
+fi
+
 # PidsLimit
 pids_limit=$(echo "$inspect_json" | python3 -c "import sys,json; print(json.load(sys.stdin)[0]['HostConfig']['PidsLimit'])")
 if [ "$pids_limit" = "128" ]; then