fix(gateway): try harder to detect Podman

[krishicks]

Summary

Auto-detection previously treated Podman as available only when the podman CLI was visible on PATH. However, package manager services can run with a restricted PATH, which lets Docker be selected even when a Podman API socket is reachable. Additionally, podman may symlink /var/run/docker.sock to podman's machine unix socket, which would be incorrectly detected as Docker. Worse still: the podman machine may not even be running.

This replaces the Podman binary check with a functional HTTP probe against the standard Podman socket paths. The probe requires /_ping to answer with a Libpod-Api-Version header before treating the socket as Podman, which lets the gateway select the embedded Podman driver only when the API is usable.

Related Issue

Changes

• Detect Podman when either the podman CLI is available or a standard Podman API socket is reachable.
• Add Podman socket candidate probing for OPENSHELL_PODMAN_SOCKET, XDG_RUNTIME_DIR, Linux /run/user/{uid}, and macOS Podman machine socket paths.
• Add/update unit tests for Podman socket candidate selection and reachable Unix socket detection.

Testing

• mise run pre-commit passes
• Unit tests added/updated
• E2E tests added/updated (if applicable)

Additional validation:

• Built and ran current and previous gateway binaries with a restricted PATH; current commit selected Podman, previous commit selected Docker.

Checklist

• Follows Conventional Commits
• Commits are signed off (DCO)
• Architecture docs updated (if applicable)

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[github-actions]

All contributors have signed the DCO ✍️ ✅
_{Posted by the DCO Assistant Lite bot.}

[krishicks]

I have read the DCO document and I hereby sign the DCO.

[krishicks]

recheck

[drew]

/ok to test 6e7e986