feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.

deploy/tools/validate-profiles.sh

@@ -11,7 +11,18 @@ compose_profiles=(
   "docker-compose.airgap.yaml:env/airgap.env.example"
 )
 
+docker_ready=false
 if command -v docker >/dev/null 2>&1; then
+  if docker compose version >/dev/null 2>&1; then
+    docker_ready=true
+  else
+    echo "⚠️  docker CLI present but Compose plugin unavailable; skipping compose validation" >&2
+  fi
+else
+  echo "⚠️  docker CLI not found; skipping compose validation" >&2
+fi
+
+if [[ "$docker_ready" == "true" ]]; then
   for entry in "${compose_profiles[@]}"; do
     IFS=":" read -r compose_file env_file <<<"$entry"
     printf '→ validating %s with %s\n' "$compose_file" "$env_file"
@@ -19,8 +30,6 @@ if command -v docker >/dev/null 2>&1; then
       --env-file "$COMPOSE_DIR/$env_file" \
       -f "$COMPOSE_DIR/$compose_file" config >/dev/null
   done
-else
-  echo "⚠️  docker CLI not found; skipping compose validation" >&2
 fi
 
 helm_values=(