feat(lab-02): complete Phase 3 - Network & VPC lab

Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

labs/lab-02-network/docker-compose.yml

@@ -0,0 +1,117 @@
+# Lab 02: Network & VPC - Docker Compose Configuration
+# Simula una VPC con subnet pubbliche e private usando Docker bridge networks
+
+version: "3.8"
+
+services:
+  # Web Server - rete pubblica (accessibile da localhost)
+  web:
+    image: nginx:alpine
+    container_name: lab02-web
+    hostname: web
+    networks:
+      vpc-public:
+        ipv4_address: 10.0.1.10
+    ports:
+      - "127.0.0.1:8080:80"  # INF-02 compliant: solo localhost
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+
+  # Application Server - multi-homed (pubblica + privata)
+  app:
+    image: nginx:alpine
+    container_name: lab02-app
+    hostname: app
+    networks:
+      vpc-public:
+        ipv4_address: 10.0.1.20
+      vpc-private:
+        ipv4_address: 10.0.2.20
+    ports:
+      - "127.0.0.1:8081:80"  # INF-02 compliant
+    restart: unless-stopped
+    depends_on:
+      web:
+        condition: service_healthy
+      db:
+        condition: service_started
+
+  # Database - rete privata (isolata)
+  db:
+    image: postgres:16-alpine
+    container_name: lab02-db
+    hostname: db
+    environment:
+      POSTGRES_DB: lab02_db
+      POSTGRES_USER: lab02_user
+      POSTGRES_PASSWORD: lab02_password
+      POSTGRES_INITDB_ARGS: "-E UTF8"
+    networks:
+      vpc-private:
+        ipv4_address: 10.0.2.10
+    # Nessuna porta esposta - completamente privato
+    volumes:
+      - db-data:/var/lib/postgresql/data
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U lab02_user -d lab02_db"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+  # Test Container - per verifica isolamento
+  test-public:
+    image: alpine:3.19
+    container_name: lab02-test-public
+    hostname: test-public
+    command: ["sh", "-c", "sleep 3600"]
+    networks:
+      vpc-public:
+        ipv4_address: 10.0.1.30
+    restart: unless-stopped
+
+  test-private:
+    image: alpine:3.19
+    container_name: lab02-test-private
+    hostname: test-private
+    command: ["sh", "-c", "sleep 3600"]
+    networks:
+      vpc-private:
+        ipv4_address: 10.0.2.30
+    restart: unless-stopped
+
+# VPC Networks simulation
+networks:
+  # Public Subnet - simula subnet con accesso internet
+  vpc-public:
+    name: lab02-vpc-public
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.0.1.0/24
+          gateway: 10.0.1.1
+          ip_range: 10.0.1.128/25
+
+  # Private Subnet - isolata, senza accesso esterno
+  vpc-private:
+    name: lab02-vpc-private
+    driver: bridge
+    internal: true  # Isola da internet (simula private subnet)
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.0.2.0/24
+          gateway: 10.0.2.1
+          ip_range: 10.0.2.128/25
+
+# Persistent Volumes
+volumes:
+  db-data:
+    driver: local