Podman parity: promote from experimental to supported in 1.1

[pofallon]

Tracking issue for promoting Podman support from experimental (1.0) to fully supported (1.1).

Trait-level Podman integration is already implemented in `crates/core/src/runtime.rs` (`PodmanRuntime`, `ContainerRuntimeImpl::Podman`) and works for the happy path. What's missing for first-class support:

Parity items

• SELinux mount option: emit `label=disable` instead of `:z` for rootless Podman bind mounts (per upstream PR #1045, v0.80.0).
• `--userns=keep-id` handling: include for non-root users in rootless mode; omit for root user (per upstream PR #1018, v0.77.0).
• `--uidmap`/`--gidmap` rules: must not conflict with `--userns` (per upstream PRs #1005 / #1018, v0.77.0).
• Rootless Docker / Podman socket auto-discovery: parity with upstream's rootless detection.

Test coverage

• Add Podman-specific smoke tests gated by `which podman` (mirror of `smoke_up_*` / `smoke_exec` patterns).
• Add Podman integration tests to a `docker-shared` or new `podman-shared` nextest group.
• Verify `--runtime podman` works against examples/up/ and examples/exec/.

Docs

• Once parity items are green and tests are stable, remove the "experimental" markers:
  • README.md "Currently Unsupported" table row
  • README.md "Runtime Selection" section
  • CLAUDE.md "Container Runtimes" section
  • `crates/deacon/src/cli.rs` `RuntimeOption::Podman` doc comment + `--runtime` help text
  • One-time WARN in `crates/core/src/runtime.rs` (`warn_podman_experimental_once`)
• CHANGELOG entry under 1.1.

References

• Upstream parity audit: `docs/ROADMAP_TO_1.0.md` §3.D (Podman parity)
• Filed alongside 1.0 PR-7 (Podman experimental status + CHANGELOG bootstrap)