feat(openclaw): deploy OpenClaw AI chatbot gateway on VM 120

- Add Docker Compose configs with security hardening (cap_drop ALL, non-root, read-only FS)
- Add Prometheus node_exporter scrape target for 192.168.2.120:9100
- Update services/README.md, INDEX.md, and CLAUDE_STATUS.md with VM 120
- Image pinned to v2026.2.1 (patches CVE-2026-25253)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

services/openclaw/docker-compose.override.yml

@@ -0,0 +1,20 @@
+services:
+  openclaw:
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    tmpfs:
+      - /tmp:size=256m
+      - /.openclaw:size=64m
+    privileged: false
+    user: "1001:1001"
+    deploy:
+      resources:
+        limits:
+          cpus: "3.5"
+          memory: 14G
+        reservations:
+          cpus: "0.5"
+          memory: 512M