Restructure cistech-tunnel to match rego-tunnel pattern

- build/: Dockerfile + entrypoint.sh (base image with VNC/noVNC)
- shared/: Runtime scripts mounted into container
  - xstartup: VNC startup, launches openconnect-vpn in xterm
  - openconnect-vpn: Main VPN script with menu, auto-connect, watchdog
- Removed source/ folder (replaced by build/)
- Updated docker-compose.json with proper volume mounts
- Changed port to 6080 (noVNC default)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/cistech-tunnel/build/scripts/entrypoint.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Entrypoint: VNC password setup + DNS fix + start VNC
+
+set -euo pipefail
+
+# Setup TigerVNC password file from env var
+if [ -n "${VNC_PASSWORD:-}" ]; then
+    mkdir -p /root/.vnc
+    printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
+    chmod 600 /root/.vnc/passwd
+fi
+
+# DNS fix for containers
+cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
+cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
+umount /etc/resolv.conf 2>/dev/null || true
+umount /etc/hosts 2>/dev/null || true
+cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
+cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
+
+# Enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "[entrypoint] IP forwarding enabled"
+
+# Clean up stale X locks
+rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
+
+# Start VNC server
+echo "[entrypoint] Starting TigerVNC server..."
+mkdir -p /root/.vnc
+vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no
+
+# Wait for VNC to start
+sleep 2
+
+# Start noVNC websockify
+echo "[entrypoint] Starting noVNC on port ${NOVNC_PORT:-6080}..."
+websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6080} localhost:5901 &
+
+# Keep container running
+echo "[entrypoint] VNC ready. Tailing logs..."
+tail -f /root/.vnc/*.log