Add Dockerfile for Node+podman CI image

ci/Dockerfile.ci-node-podman

@@ -0,0 +1,27 @@
+# Dockerfile.ci-node-podman
+FROM node:20-bookworm-slim
+
+# Tools needed at runtime by actions and your scripts
+# - git: actions/checkout uses it
+# - curl, ca-certificates: handy for health checks, etc.
+# - jq: used in your scripts
+# Then add the libcontainers repo to get a recent Podman (v5.x).
+RUN set -eux; \
+  apt-get update; \
+  apt-get install -y --no-install-recommends \
+      ca-certificates curl git gnupg jq; \
+  . /etc/os-release; \
+  echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] \
+       https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${VERSION_ID}/ /" \
+    > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list; \
+  curl -fsSL \
+      "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${VERSION_ID}/Release.key" \
+    | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg; \
+  apt-get update; \
+  apt-get install -y --no-install-recommends podman; \
+  apt-get purge -y gnupg; \
+  rm -rf /var/lib/apt/lists/*
+
+# These match your runner’s rootless socket layout
+ENV XDG_RUNTIME_DIR=/run/user/999
+ENV CONTAINER_HOST=unix:///run/user/999/podman/podman.sock