feat: add platform-aware worker architecture with ARM64 support

Implement platform-specific Dockerfile selection and graceful tool degradation to support both x86_64 and ARM64 (Apple Silicon) platforms.

**Backend Changes:**
- Add system info API endpoint (/system/info) exposing host filesystem paths
- Add FUZZFORGE_HOST_ROOT environment variable to backend service
- Add graceful degradation in MobSF activity for ARM64 platforms

**CLI Changes:**
- Implement multi-strategy path resolution (backend API, .fuzzforge marker, env var)
- Add platform detection (linux/amd64 vs linux/arm64)
- Add worker metadata.yaml reading for platform capabilities
- Auto-select appropriate Dockerfile based on detected platform
- Pass platform-specific env vars to docker-compose

**Worker Changes:**
- Create workers/android/metadata.yaml defining platform capabilities
- Rename Dockerfile -> Dockerfile.amd64 (full toolchain with MobSF)
- Create Dockerfile.arm64 (excludes MobSF due to Rosetta 2 incompatibility)
- Update docker-compose.yml to use ${ANDROID_DOCKERFILE} variable

**Workflow Changes:**
- Handle MobSF "skipped" status gracefully in workflow
- Log clear warnings when tools are unavailable on platform

**Key Features:**
- Automatic platform detection and Dockerfile selection
- Graceful degradation when tools unavailable (MobSF on ARM64)
- Works from any directory (backend API provides paths)
- Manual override via environment variables
- Clear user feedback about platform and selected Dockerfile

**Benefits:**
- Android workflow now works on Apple Silicon Macs
- No code changes needed for other workflows
- Convention established for future platform-specific workers

Closes: MobSF Rosetta 2 incompatibility issue
Implements: Platform-aware worker architecture (Option B)

workers/android/Dockerfile.arm64

@@ -0,0 +1,110 @@
+# FuzzForge Vertical Worker: Android Security (ARM64)
+#
+# Pre-installed tools for Android security analysis:
+# - Android SDK (adb, aapt)
+# - apktool (APK decompilation)
+# - jadx (Dex to Java decompiler)
+# - Frida (dynamic instrumentation)
+# - androguard (Python APK analysis)
+#
+# Note: MobSF is excluded due to Rosetta 2 syscall incompatibility
+# Note: Uses amd64 platform for compatibility with Android 32-bit tools
+
+FROM --platform=linux/amd64 python:3.11-slim-bookworm
+
+# Set working directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    # Build essentials
+    build-essential \
+    git \
+    curl \
+    wget \
+    unzip \
+    # Java (required for Android tools)
+    openjdk-17-jdk \
+    # Android tools dependencies (32-bit libraries for emulated amd64)
+    lib32stdc++6 \
+    lib32z1 \
+    # Frida dependencies
+    libc6-dev \
+    # XML/Binary analysis
+    libxml2-dev \
+    libxslt-dev \
+    # Network tools
+    netcat-openbsd \
+    tcpdump \
+    # Cleanup
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Android SDK Command Line Tools
+ENV ANDROID_HOME=/opt/android-sdk
+ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
+
+RUN mkdir -p ${ANDROID_HOME}/cmdline-tools && \
+    cd ${ANDROID_HOME}/cmdline-tools && \
+    wget -q https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip && \
+    unzip -q commandlinetools-linux-9477386_latest.zip && \
+    mv cmdline-tools latest && \
+    rm commandlinetools-linux-9477386_latest.zip && \
+    # Accept licenses
+    yes | ${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager --licenses && \
+    # Install platform tools (adb, fastboot)
+    ${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager "platform-tools" "build-tools;33.0.0"
+
+# Install apktool
+RUN wget -q https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool -O /usr/local/bin/apktool && \
+    wget -q https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.9.3.jar -O /usr/local/bin/apktool.jar && \
+    chmod +x /usr/local/bin/apktool
+
+# Install jadx (Dex to Java decompiler)
+RUN wget -q https://github.com/skylot/jadx/releases/download/v1.4.7/jadx-1.4.7.zip -O /tmp/jadx.zip && \
+    unzip -q /tmp/jadx.zip -d /opt/jadx && \
+    ln -s /opt/jadx/bin/jadx /usr/local/bin/jadx && \
+    ln -s /opt/jadx/bin/jadx-gui /usr/local/bin/jadx-gui && \
+    rm /tmp/jadx.zip
+
+# Install Python dependencies for Android security tools
+COPY requirements.txt /tmp/requirements.txt
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && \
+    rm /tmp/requirements.txt
+
+# Install androguard (Python APK analysis framework)
+RUN pip3 install --no-cache-dir androguard pyaxmlparser
+
+# Install Frida
+RUN pip3 install --no-cache-dir frida-tools frida
+
+# Install OpenGrep/Semgrep (expose as opengrep command)
+RUN pip3 install --no-cache-dir semgrep==1.45.0 && \
+    ln -sf /usr/local/bin/semgrep /usr/local/bin/opengrep
+
+# NOTE: MobSF is NOT installed on ARM64 platform due to Rosetta 2 incompatibility
+# The workflow will gracefully skip MobSF analysis on this platform
+
+# Create cache directory
+RUN mkdir -p /cache && chmod 755 /cache
+
+# Copy worker entrypoint (generic, works for all verticals)
+COPY worker.py /app/worker.py
+
+# Create simplified startup script (no MobSF)
+RUN echo '#!/bin/bash\n\
+# ARM64 worker - MobSF disabled due to Rosetta 2 limitations\n\
+echo "Starting Temporal worker (ARM64 platform - MobSF disabled)..."\n\
+exec python3 /app/worker.py\n\
+' > /app/start.sh && chmod +x /app/start.sh
+
+# Add toolbox to Python path (mounted at runtime)
+ENV PYTHONPATH="/app:/app/toolbox:${PYTHONPATH}"
+ENV PYTHONUNBUFFERED=1
+ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=5 \
+    CMD python3 -c "import sys; sys.exit(0)"
+
+# Run startup script
+CMD ["/app/start.sh"]

workers/android/metadata.yaml

@@ -0,0 +1,42 @@
+# Android Worker Metadata
+#
+# Platform-specific configuration for Android security analysis worker.
+# This file defines which Dockerfile to use for each platform and what tools
+# are available on that platform.
+
+name: android
+version: "1.0.0"
+description: "Android application security testing worker with Jadx, OpenGrep, and MobSF"
+
+# Default platform when auto-detection fails or metadata is not platform-aware
+default_platform: linux/amd64
+
+# Platform-specific configurations
+platforms:
+  # x86_64 / Intel / AMD platform (full toolchain including MobSF)
+  linux/amd64:
+    dockerfile: Dockerfile.amd64
+    description: "Full Android toolchain with MobSF support"
+    supported_tools:
+      - jadx          # APK decompiler
+      - opengrep      # Static analysis with custom Android rules
+      - mobsf         # Mobile Security Framework
+      - frida         # Dynamic instrumentation
+      - androguard    # Python APK analysis
+
+  # ARM64 / Apple Silicon platform (MobSF excluded due to Rosetta limitations)
+  linux/arm64:
+    dockerfile: Dockerfile.arm64
+    description: "Android toolchain without MobSF (ARM64/Apple Silicon compatible)"
+    supported_tools:
+      - jadx          # APK decompiler
+      - opengrep      # Static analysis with custom Android rules
+      - frida         # Dynamic instrumentation
+      - androguard    # Python APK analysis
+    disabled_tools:
+      mobsf: "Incompatible with Rosetta 2 emulation (requires syscall 284: copy_file_range)"
+    notes: |
+      MobSF cannot run under Rosetta 2 on Apple Silicon Macs due to missing
+      syscall implementations. The workflow will gracefully skip MobSF analysis
+      on this platform while still providing comprehensive security testing via
+      Jadx decompilation and OpenGrep static analysis.