feat(lab-02): complete Phase 3 - Network & VPC lab

Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

labs/lab-02-network/Dockerfile

@@ -0,0 +1,28 @@
+# Dockerfile for Lab 02 - Network & VPC
+# Test container image for network isolation verification
+
+# Use Alpine 3.19 as base image
+FROM alpine:3.19
+
+# Create non-root user for security (INF-01 compliance)
+RUN addgroup -g 1000 appgroup && \
+    adduser -D -u 1000 -G appgroup appuser
+
+# Install network testing tools
+RUN apk add --no-cache \
+    iputils \
+    bind-tools \
+    curl \
+    netcat-openbsd \
+    tcpdump \
+    strace \
+    && rm -rf /var/cache/apk/*
+
+# Switch to non-root user
+USER appuser
+
+# Set working directory
+WORKDIR /home/appuser
+
+# Default command - sleep for testing
+CMD ["sh", "-c", "sleep 3600"]