- rewrite builder stage to use uv with venv for isolated builds and tests
- disable COMPOSE_BAKE (created manifest lists instead of plain images,
causing latest tag to point to stale cached image despite build logs
showing successful installation)
- pass "$@" from build scripts to docker compose build so --no-cache
and other CLI flags actually reach Docker (previously silently ignored)
- fix shared volume comment: read-write not read-only
