The lab was crashing when a vulnerability scanner hit it because every
servlet leaks its DB connection (no close), and DBConnect opens a fresh
DriverManager connection per request. Under load the JVM accumulated
leaked connections until it OOMed and MySQL hit max_connections=151.

Fix at the pool layer so no servlet/controller code changes (all
deliberate vulnerabilities preserved):

- Declare a tomcat-jdbc DataSource at jdbc/jvl in META-INF/context.xml
  with maxActive=50 and removeAbandoned=true (60s) so leaked connections
  are auto-reaped.
- Add resource-ref in web.xml.
- Make DBConnect.connect look up the pool via JNDI, with the original
  DriverManager path retained as a fallback.
- Copy mysql-connector-java into Tomcat's shared lib/ so the pool's
  container classloader can load the driver.
- Bump CATALINA_OPTS to -Xms256m -Xmx1024m.
- Set MySQL max_connections=500 and shorter wait_timeout/interactive_timeout.
- Add .dockerignore (mysql-data/, .git/, target/) and .gitignore.

Verified: 200 concurrent SQLi requests cap MySQL Threads_connected at
50 with Aborted_connects=0; SQLi auth bypass on /LoginValidator still
works.