Move dstack-vmm (and decide on the guest OS image) to v0.5.11

[barakeinav1]

Background

PR #3408 (issue #3153) adopted dstack v0.5.11 only for key-provider-build/ (reproducible mr_enclave via build-args), and deliberately kept dstack-vmm and the guest OS image at v0.5.8. Bumping the VMM was deferred because it has real costs and no immediate benefit:

• Measurements: MRTD/RTMR0-2 are pinned on-chain (allowed_os_measurements) and were generated by the v0.5.8 launcher. v0.5.11 changed the QEMU launch path (vmm/src/app/qemu.rs) and the dstack-mr calculator, so a bump needs measurement re-verification (and possibly a vote_add_os_measurement).
• Config schema: v0.5.11's vmm.toml differs substantially from v0.5.8 (top-level address/port/image_path → unix socket + [image]; no max_disk_size; host_api 9300→10000; new [key_provider]; changed port_mapping defaults), so the guide's MPC vmm.toml won't drop in.
• Build dep: v0.5.11's dstack-vmm build requires Node.js + npm (it builds the vmm/ui console).

User Story

As an operator, I want the whole dstack host toolchain (vmm + key-provider) on one pinned version — a single clone that also picks up host-side fixes — without breaking on-chain attestation.

Acceptance Criteria

• Confirm a v0.5.11 dstack-vmm launching the chosen OS image reproduces measurements already in allowed_os_measurements (or coordinate a vote_add_os_measurement for the new set).
• Provide a v0.5.11-compatible MPC vmm.toml (port mapping incl. 24567, disk size, host_api, [key_provider]).
• Add nodejs/npm to the VMM build prerequisites.
• Update the operator guide to a single v0.5.11 clone for vmm + key-provider.
• Decide whether to also bump the guest OS image to v0.5.11 (requires an on-chain measurement vote + operator migration).

Resources & Additional Notes

• Follow-up to docs: use dstack v0.5.11 build-args for reproducible key-provider mr_enclave #3408 / Pin SGX key-provider Dockerfile apt sources for reproducible mr_enclave #3153. The costs above were characterized during a mainnet TDX host bring-up.