fix(platform): skip recursive chown in containers to avoid overlayfs exec race

PreserveOwnershipRecursive walks the freshly-extracted source tree and
chowns every file from root to the original sudo user. On overlayfs (k3s
Jenkins pods on Fedora CoreOS), each chown triggers a copy-up that can
race with a subsequent execve, making the kernel return ENOEXEC on a
perfectly valid '#!/bin/bash' script — observed as 'fork/exec
.../configure: exec format error' a few ms into the build step.

In containerised builds (YAP_IN_CONTAINER=1, baked into every yap image
by build/deploy/generate.sh) the runtime user already owns the workspace
end-to-end; the chown is pure overhead. Skip it there.

Author: M0Rf30

pkg/platform/ownership.go

@@ -155,7 +155,21 @@ func PreserveOwnership(path string) error {
 }
 
 // PreserveOwnershipRecursive recursively changes ownership to original user if under sudo.
+//
+// In container environments (detected via YAP_IN_CONTAINER=1, baked into all
+// yap Docker images by build/deploy/generate.sh) the chown is skipped. The
+// container's runtime user is already the intended build user, so chowning the
+// source tree adds nothing and on overlayfs can trigger copy-up races that
+// cause execve() of freshly-chowned scripts to return ENOEXEC (observed in
+// k3s/Fedora CoreOS Jenkins pods).
 func PreserveOwnershipRecursive(path string) error {
+	if os.Getenv("YAP_IN_CONTAINER") == "1" {
+		logger.Debug("skipping recursive ownership preservation in container",
+			"path", path)
+
+		return nil
+	}
+
 	originalUser, err := GetOriginalUser()
 	if err != nil {
 		logger.Warn(i18n.T("logger.platform.warn.get_user"), "error", err)