fix(ci): wrap GitLab dind TLS env in docker context so buildx accepts it (#330)

The build-backend and build-frontend jobs were failing immediately after
identity verification finally allocated runners:

    $ docker buildx create --use --name multiarch --driver docker-container
    ERROR: could not create a builder instance with TLS data loaded from
    environment. Please use `docker context create <context-name>` to create
    a context for current environment and then create a builder instance
    with context set to <context-name>

The dind service exports DOCKER_HOST=tcp://docker:2376 +
DOCKER_TLS_CERTDIR=/certs, but buildx --driver docker-container doesn't
read TLS from those env vars directly. Documented GitLab fix: create an
empty `docker context` (which inherits the current TLS env), then bind
buildx to that context name as a positional arg.

After this lands, the multi-arch buildx jobs should actually build and
push amd64 + arm64 images to
  registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest
  registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest

Surfaced by the post-verification pipeline at
  https://gitlab.com/bigbodycobain/Shadowbroker/-/pipelines/2550501798

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

.gitlab-ci.yml

@@ -52,7 +52,11 @@ variables:
     - docker info
     - docker login -u "$CI_REGISTRY_USER" -p "$CI_JOB_TOKEN" "$CI_REGISTRY"
     - docker run --privileged --rm tonistiigi/binfmt --install all
-    - docker buildx create --use --name multiarch --driver docker-container
+    # buildx --driver docker-container can't read TLS from the env vars
+    # the GitLab dind service exports. Wrap them in a docker context and
+    # bind buildx to it. See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-buildx
+    - docker context create tls-env
+    - docker buildx create --use --name multiarch --driver docker-container tls-env
 
 # ── Backend image ────────────────────────────────────────────────────────
 build-backend: