Properly utilize exec in helper scripts

[felddy]

🗣 Description

This PR modifies the way that launcher.sh and the ultimate node processes are created.

💭 Motivation and context

The enterypoint.sh script will now call exec su-exec instead of just su-exec when
starting the launcher.sh. I had wrongly assumed that su-exec was also execing.

Similarly launcher.sh will now use exec env... instead of env to start node.

The motivation is to get the node process as PID 1 in the container, thus simplifying signal handling.

I went this route instead of implementing traps or using an init process as it was my original design goal to have a simple, single-process container.

Closes #813

🧪 Testing

Tested locally on my development box. I was able to verify that the process list is collapsed as designed.

Before:

➤ docker compose exec -it foundry ps
PID   USER     TIME  COMMAND
    1 root      0:00 {entrypoint.sh} /bin/sh ./entrypoint.sh resources/app/main.mjs --port=30000 --headless --noupdate --dataPath=/data
  112 501       0:00 {launcher.sh} /bin/sh ./launcher.sh resources/app/main.mjs --port=30000 --headless --noupdate --dataPath=/data
  142 501       0:01 node resources/app/main.mjs --port=30000 --headless --noupdate --dataPath=/data
  163 root      0:00 ps

After:

➤ docker compose exec -it foundry ps
PID   USER     TIME  COMMAND
    1 501       0:01 node resources/app/main.mjs --port=30000 --headless --noupdate --dataPath=/data
  329 root      0:00 ps

Also tested in CI.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• All new and existing tests pass.