fix: validate HEROKU_HOST for container registry commands

[michaelmalave]

Summary

This branch hardens container command registry host resolution by switching from raw HEROKU_HOST usage to validated host configuration, preventing invalid domains from being used in registry calls. It also adds regression coverage to ensure invalid host input falls back safely to registry.heroku.com with a user-visible warning.

• Replace direct process.env.HEROKU_HOST registry host construction with vars.host in container:login, container:logout, container:pull, container:push, container:release, and container:run
• Add unit tests for container:login and container:logout verifying invalid HEROKU_HOST is rejected and fallback registry is used
• Add unit test coverage for container:release verifying registry manifest requests still target registry.heroku.com when HEROKU_HOST is invalid

Type of Change

• fix: Bug fix or issue (patch semvar update)
• feat: Introduces a new feature to the codebase (minor semvar update)
• perf: Performance improvement
• docs: Documentation only changes
• tests: Adding missing tests or correcting existing tests
• chore: Code cleanup tasks, dependency updates, or other changes

Verification

CI Passes

Additional Context

• Breaking: none
• Risk: low; changes are limited to registry hostname resolution and covered by unit tests

Related Issue

W-21981314