riverside needs a postgres sidecar which oci-containers can't express. Also adds docker to arion PATH (fixes forgejo-arion) and creates /var/riverside/{files,postgres} state directories. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>