add Podman Quadlet deployment

- flaskpaste.container for rootless systemd integration
- UserNS mapping for bind mount permissions
- README updated with deployment instructions

flaskpaste.container

@@ -0,0 +1,38 @@
+# FlaskPaste container unit
+# Deploy as flaskpaste user with data in /opt/flaskpaste
+#
+# Setup:
+#   useradd -r -m -d /home/flaskpaste -s /sbin/nologin flaskpaste
+#   mkdir -p /opt/flaskpaste && chown flaskpaste:flaskpaste /opt/flaskpaste
+#   cp flaskpaste.container /home/flaskpaste/.config/containers/systemd/
+#   sudo -u flaskpaste podman build -t localhost/flaskpaste:latest /path/to/source
+#   loginctl enable-linger flaskpaste
+#   systemctl --user -M flaskpaste@ daemon-reload
+#   systemctl --user -M flaskpaste@ start flaskpaste
+
+[Unit]
+Description=FlaskPaste pastebin service
+After=local-fs.target
+
+[Container]
+Image=localhost/flaskpaste:latest
+ContainerName=flaskpaste
+PublishPort=5001:5000
+Volume=/opt/flaskpaste:/app/data:Z
+UserNS=keep-id:uid=999,gid=999
+
+Environment=FLASK_ENV=production
+Environment=FLASKPASTE_URL_PREFIX=/paste
+Environment=FLASKPASTE_EXPIRY_ANON=432000
+Environment=FLASKPASTE_MAX_ANON=3145728
+Environment=FLASKPASTE_MAX_AUTH=52428800
+
+# Note: Healthcheck defined in Containerfile; Quadlet healthcheck disabled to avoid race
+# Resource limits (--memory, --cpus) require cgroup delegation for rootless
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target