devcontainer: pin docker-in-docker to 2.x (fix arm64 prebuild)

[bilby91]

The actual root cause

The arm64 prebuild kept failing on the same PEP 668 pip install through #89, #90, and #91 — because none of those changes affected which version of the docker-in-docker feature runs.

ghcr.io/devcontainers/features/docker-in-docker:1 resolves to a stale, frozen 1.x image. The feature has no 1.x releases anymore — published tags start at 2.0.1 and the current release is 3.0.1. That old 1.x script runs a global pip install docker-compose on bookworm/arm64, which fails under PEP 668 (externally-managed-environment). amd64 was never affected — it gets a prebuilt Compose-v1 binary instead of the pip path.

I confirmed by reading the released scripts directly: in 2.17.0 and 3.0.1, the entire compose/pip block is gated by if [ "$DOCKER_DASH_COMPOSE_VERSION" != "none" ]. So :2 + dockerDashComposeVersion: none ⇒ no pip on arm64 at all.

Change

• docker-in-docker:1 → :2 (current 2.x; avoids the abandoned 1.x line).
• Keep dockerDashComposeVersion: none — the repo only uses docker compose v2 (runtime/docker/compose.go: "legacy docker-compose is not supported"), and the v2 plugin ships via the moby-compose apt package independent of this option.

Why I'm confident this time

Earlier fixes addressed real but secondary issues (trixie base, Compose v1 vs v2) without touching the stale version pin, so the same pip step kept running. This removes that step at the source. amd64 already builds green; this should let the multi-arch :latest manifest finally publish.

Verifiable only by the DevContainer Prebuild run on main after merge.

🤖 Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@bilby91, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour, 13 minutes, and 49 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 35c62069-93f5-4735-82b4-ccfd1d04e188

📥 Commits

Reviewing files that changed from the base of the PR and between 3e13ac9 and c0bce83.

📒 Files selected for processing (1)

• .devcontainer/devcontainer-build.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-dind-version-pin

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}