fix: keep OAuth flow working on read-only container roots

The DCR client registry created its storage directory eagerly in __init__,
and DCR_STORAGE_PATH defaulted to /var/lib/aegis-mcp — a path that is neither
created in the image nor mounted as a writable volume. Under the hardened
read-only docker-compose, every /oauth/authorize, /oauth/token, and /register
call hit `mkdir('/var/lib/aegis-mcp')` on a read-only filesystem, raising an
unhandled OSError and returning a bare "Internal Server Error" during login.

- oauth_flow.py: defer the storage-dir mkdir from __init__ to _persist (the
  only write path). authorize/token only read the registry, so they no longer
  require a writable filesystem and stop 500-ing.
- docker/Dockerfile: create and chown /var/lib/aegis-mcp.
- docker-compose.yml + docker/docker-compose.yml: add a persistent
  aegis-mcp-data volume mounted at /var/lib/aegis-mcp so DCR registrations
  survive restarts.
- .env.example: document DCR_STORAGE_PATH and set PUBLIC_BASE_URL to the real
  MCP host.
- README.md: spell out exact values (Gitea host, MCP host, callback URL, MCP
  URL) and add a "required writable volumes" section explaining the cause of
  the login 500.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

docker-compose.yml

@@ -16,6 +16,7 @@ services:
       - "8080"
     volumes:
       - aegis-mcp-logs:/var/log/aegis-mcp
+      - aegis-mcp-data:/var/lib/aegis-mcp
       - ./policy.yaml:/app/policy.yaml:ro
     read_only: true
     tmpfs:
@@ -61,6 +62,7 @@ services:
       - ./src:/app/src:ro
       - ./policy.yaml:/app/policy.yaml:ro
       - aegis-mcp-logs:/var/log/aegis-mcp
+      - aegis-mcp-data:/var/lib/aegis-mcp
     security_opt:
       - no-new-privileges:true
     cap_drop:
@@ -72,6 +74,8 @@ services:
 volumes:
   aegis-mcp-logs:
     driver: local
+  aegis-mcp-data:
+    driver: local
 
 networks:
   proxy: