Summary

Bakes Tailscale into the image and ships the workspace template with the device + caps + state volume needed for the daemon to run with real TUN networking. Opt-in via `TAILSCALE_AUTHKEY`; no-op without it.

Closes #85

Architecture

Why these architectural choices

• Real TUN, not userspace networking: Tailscale SSH server requires a real TUN device. `--tun=userspace-networking` works for outbound but cannot serve inbound SSH, which is the entire point of this feature.
• Bake binary, drop install: simpler than the apt clock-skew dance + signed-keyring + repo-file at start time. Mirrors the pattern used for `gh`/`just`/`taplo`/`uv`/`hadolint`.
• State volume: previous design wiped state on every recreate, causing ephemeral-key collisions on the tailnet (old node still online, hostname conflict). Persistent volume = same node identity reused.
• Fail-loud on missing TUN: previous design quietly fell back to userspace-networking with a single stderr WARNING line buried in compose output → users never saw it, then wondered why SSH didn't work.
• Idempotent: `tailscale status --self` check before `tailscale up` avoids regenerating sessions on every container start.

What's deferred (separate scope)

• `just tailscale up/down/status/restart` recipes for manual operator invocation. Tracked separately so this PR stays focused on the IN-container plumbing.
• Programmatic OAuth-API auth-key generation from the host side. Belongs in `devc-remote.sh`'s scope.

Validation

• ✅ `just build` (linux/arm64) succeeds
• ✅ `just test-bats` — 18 new BATS cases all pass (chore(ci): align sync-main-to-dev checkout pin with repository standard #298-ci(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 #315)
• ✅ `just test-image` — 6 new `TestTailscale` pytest cases all pass; 2 unrelated failures (`just`/`cargo-binstall` version pins) are pre-existing on main and fixed in feat(image): bundle agent-CLI toolkit + TUI debug stack + Claude Code (#545) #547
• ✅ Container smoke: `tailscale version` → 1.96.4, `tailscaled --version` → 1.96.4, `setup-tailscale.sh connect` without `TAILSCALE_AUTHKEY` → silent no-op exit 0

Test plan

• CI green (build + tests)
• x86_64 build + tests on ksb-meatgrinder (real Linux kernel; user will retest)
• Live integration on ksb-meatgrinder: deploy with a real OAuth-generated ephemeral key, verify the container's hostname appears in `tailscale status` from the Mac, verify `ssh root@` from Mac into container works.

Related

Part of the scope-split rework of #166 — see also #547 (image toolkit) and #546 (slim Claude Code OAuth-token forwarding).