huskies: merge 1139 story Per-project Dockerfile fragment so agents can extend their own sled image

.huskies/specs/tech/CHAT_DRIVEN_PROJECT_BOOTSTRAP.md

@@ -113,9 +113,27 @@ Layered:
 
 - **`huskies-project-base`**: debian-slim + git + huskies binary + sshd
   + sudo + a `huskies` user with the SSH pubkey installed.
-- **`huskies-stack-<stack>`**: per-stack additions. E.g. rust gets
-  `rustup` + `rust-analyzer` + `cargo-nextest`; node gets `node@22` +
-  `typescript-language-server`; etc.
+- **`huskies-project-<stack>`**: per-stack additions, pre-built by
+  `script/build-project-images`.  E.g. rust gets `rustup` +
+  `rust-analyzer` + `cargo-nextest`; node gets `node@22` +
+  `typescript-language-server`; etc.  Stack fragments live in
+  `docker/stacks/<stack>/Dockerfile.fragment`.
+- **`huskies-project-local-<name>`** *(optional)*: built on the fly at
+  container launch time when the project contains
+  `.huskies/Dockerfile.fragment`.  This file is appended after the
+  stack overlay (`FROM huskies-project-<stack>`) so agents can extend
+  their own image without editing shared stack files.  Because the
+  fragment lives inside the bind-mounted `/workspace/.huskies/`, changes
+  survive container recreation and are committed alongside the project
+  source.  The `project-rebuild` command picks up the fragment
+  automatically when rebuilding.
+
+  Example `.huskies/Dockerfile.fragment` that adds `jq`:
+
+  ```dockerfile
+  RUN apt-get update && apt-get install -y jq
+  ```
+
 - **Project layer**: the bind-mounted `/workspace` is the project source,
   written by the host's editor, read by the in-container tooling.