init: Prove the concept of reproducible builds

Dockerfile

@@ -0,0 +1,19 @@
+FROM nixos/nix:latest
+
+WORKDIR /app
+COPY . .
+
+RUN mkdir -p ~/.config/nix && \
+    echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf && \
+    nix build .#app
+
+# Extract the built binary
+RUN cp -rL result/* /tmp/app/ || cp result /tmp/app/hello-world
+
+# Use a minimal runtime image - no system dependencies needed!
+FROM debian:bookworm-slim
+
+# All functionality is in Rust crates, no need for system binaries
+COPY --from=0 /tmp/app/ /usr/local/bin/
+
+CMD ["/usr/local/bin/hello-world"]