feat: automatically add socket's group when using --use-api-socket

[felipecrs]

- What I did

The --use-api-socket flag is great, but it didn't account for the case when the container is executed as a non-root user that is not part of the socket's group:

❯ docker run --rm --use-api-socket -u $(id -u):$(id -g) docker:cli docker version
Client:
 Version:           29.5.0
 API version:       1.54
 Go version:        go1.26.3
 Git commit:        98f1464
 Built:             Thu May 14 14:39:32 2026
 OS/Arch:           linux/amd64
 Context:           default
permission denied while trying to connect to the docker API at unix:///var/run/docker.sock

This PR makes it so that --use-api-socket will account for this case.

- How I did it

This PR improves the --use-api-socket flag so that it automatically discovers the socket's group and adds it, equivalent to manually passing --group-add $(stat -c '%g' /var/run/docker.sock).

- How to verify it

❯ build/docker run --rm --use-api-socket -u $(id -u):$(id -g) docker:cli docker version
Client:
 Version:           29.5.0
 API version:       1.54
 Go version:        go1.26.3
 Git commit:        98f1464
 Built:             Thu May 14 14:39:32 2026
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          29.5.1
  API version:      1.54 (minimum version 1.40)
  Go version:       go1.26.3
  Git commit:       dd24a3a
  Built:            Mon May 18 15:24:46 2026
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.2.3
  GitCommit:        77c84241c7cbdd9b4eca2591793e3d4f4317c590
 runc:
  Version:          1.3.5
  GitCommit:        v1.3.5-0-g488fc13e
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

- Human readable description for the release notes

Automatically add socket's group to container user when using `--use-api-socket`

- A picture of a cute animal (not mandatory but encouraged)