
Commit e03bdba

feat(jailer): chroot + cgroup v2 + seccomp + UID/GID drop via official jailer (#10)
Wrap Firecracker spawn in the official `jailer` binary so the VMM no longer runs as the parent's UID with zero isolation.

New `src/jailer.rs` (gated on the `firecracker` feature) provides:

* `JailerConfig` with env-driven defaults (uid=123, gid=100, chroot_base=/srv/jailer, parent=microvm.slice, cgroup v2).
* `Jailer::prepare(vm_id, kernel, rootfs, extra_drives)` — idempotent chroot setup: hardlink-or-copy kernel/rootfs/drives into `<base>/firecracker/<vm_id>/root/`, mknod `dev/kvm` (c 10 232) and `dev/net/tun` (c 10 200), chown the tree to uid:gid. Surfaces missing CAP_MKNOD with a clear error.
* `Jailer::build_command(...)` — returns a ready-to-spawn `Command` with `--id`, `--exec-file`, `--uid`, `--gid`, `--chroot-base-dir`, `--cgroup-version`, `--parent-cgroup`, optional `--numa-node`, `--new-pid-ns`, the `--` separator, and FC's `--api-sock /api.sock`. Default seccomp filter applies (no opt-out flag passed).
* `Jailer::teardown(vm_id)` — recursive chroot removal plus best-effort cgroup rmdir.

Adapter wiring is deliberately out of scope (tech lead owns that PR).

Tests:

* arg-construction tests assert exact arg order for cgroup v1/v2, NUMA, sanitised vm_id, relative-binary rejection, chroot mismatch.
* chroot-path computation, safe_vm_id sanitisation, makedev encoding.
* OS-touching prepare/teardown tests gated `#[ignore]` with run-as-root instructions in the comment.

Co-authored-by: Drew Stone <drewstone329@gmail.com>
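As an added illustration (this is not the project's `src/jailer.rs` and not code from the commit), the stand-alone Rust module below models the pieces the message describes: `vm_id` sanitisation, chroot-path computation under `<base>/firecracker/<vm_id>/root`, the `makedev` encoding used when creating `dev/kvm` (10, 232) and `dev/net/tun` (10, 200), and the jailer argument order with the `--` separator before Firecracker's own `--api-sock`. The jailer flags are the ones the commit lists; the function names (`build_args`, `safe_vm_id`, `chroot_path`), the exact character policy of `safe_vm_id`, the binary paths and the `new_pid_ns` default are assumptions made for the example. Deriving the chroot path from the sanitised id rather than the raw caller input is what keeps a hostile id from escaping the chroot base, and no seccomp opt-out flag is ever emitted.

```rust
// Added example: a model of jailer argument construction, not the project's code.
use std::path::PathBuf;

#[derive(Clone, Debug)]
pub struct JailerConfig {
    pub jailer_bin: PathBuf,      // must be absolute; assumed path below
    pub firecracker_bin: PathBuf, // passed to the jailer as --exec-file
    pub uid: u32,
    pub gid: u32,
    pub chroot_base: PathBuf,
    pub cgroup_version: u8, // 1 or 2
    pub parent_cgroup: String,
    pub numa_node: Option<u32>,
    pub new_pid_ns: bool,
}

impl Default for JailerConfig {
    // Defaults from the commit message (uid 123, gid 100, /srv/jailer, microvm.slice,
    // cgroup v2); the binary paths and new_pid_ns=true are assumptions.
    fn default() -> Self {
        JailerConfig {
            jailer_bin: PathBuf::from("/usr/local/bin/jailer"),
            firecracker_bin: PathBuf::from("/usr/local/bin/firecracker"),
            uid: 123,
            gid: 100,
            chroot_base: PathBuf::from("/srv/jailer"),
            cgroup_version: 2,
            parent_cgroup: "microvm.slice".to_string(),
            numa_node: None,
            new_pid_ns: true,
        }
    }
}

/// Reduce a caller-supplied id to [A-Za-z0-9_-] (max 64 chars) so it can never
/// carry path separators or `..` into the chroot layout. Policy is an assumption.
pub fn safe_vm_id(raw: &str) -> String {
    let cleaned: String = raw
        .chars()
        .map(|c| if c.is_ascii_alphanumeric() || c == '-' || c == '_' { c } else { '-' })
        .take(64)
        .collect();
    if cleaned.is_empty() { "vm".to_string() } else { cleaned }
}

/// Jailer layout: <chroot_base>/<exec-file basename>/<id>/root
pub fn chroot_path(cfg: &JailerConfig, vm_id: &str) -> PathBuf {
    let exec_name = cfg
        .firecracker_bin
        .file_name()
        .map(|n| n.to_os_string())
        .unwrap_or_else(|| "firecracker".into());
    cfg.chroot_base.join(exec_name).join(safe_vm_id(vm_id)).join("root")
}

/// Linux dev_t encoding (glibc makedev layout) for the mknod step.
pub fn makedev(major: u64, minor: u64) -> u64 {
    ((major & 0xffff_f000) << 32)
        | ((major & 0x0000_0fff) << 8)
        | ((minor & 0xffff_ff00) << 12)
        | (minor & 0x0000_00ff)
}

/// Build the jailer argv in the order the commit describes. Rejects relative
/// binaries and unknown cgroup versions instead of spawning something half-jailed.
pub fn build_args(cfg: &JailerConfig, vm_id: &str) -> Result<Vec<String>, String> {
    if !cfg.jailer_bin.is_absolute() || !cfg.firecracker_bin.is_absolute() {
        return Err("jailer and firecracker binaries must be absolute paths".to_string());
    }
    if cfg.cgroup_version != 1 && cfg.cgroup_version != 2 {
        return Err(format!("unsupported cgroup version {}", cfg.cgroup_version));
    }
    let mut args: Vec<String> = vec![
        "--id".into(), safe_vm_id(vm_id),
        "--exec-file".into(), cfg.firecracker_bin.display().to_string(),
        "--uid".into(), cfg.uid.to_string(),
        "--gid".into(), cfg.gid.to_string(),
        "--chroot-base-dir".into(), cfg.chroot_base.display().to_string(),
        "--cgroup-version".into(), cfg.cgroup_version.to_string(),
        "--parent-cgroup".into(), cfg.parent_cgroup.clone(),
    ];
    if let Some(node) = cfg.numa_node {
        args.push("--numa-node".into());
        args.push(node.to_string());
    }
    if cfg.new_pid_ns {
        args.push("--new-pid-ns".into());
    }
    // Everything after `--` goes to Firecracker itself; the socket path is
    // relative to the chroot. No seccomp opt-out is passed, so the default filter stays on.
    args.push("--".into());
    args.push("--api-sock".into());
    args.push("/api.sock".into());
    Ok(args)
}

fn main() {
    let cfg = JailerConfig::default();
    let hostile_id = "tenant-7/../etc"; // constructed input showing sanitisation
    match build_args(&cfg, hostile_id) {
        Ok(args) => println!("{} {}", cfg.jailer_bin.display(), args.join(" ")),
        Err(e) => eprintln!("refusing to spawn: {e}"),
    }
    println!("chroot: {}", chroot_path(&cfg, hostile_id).display());
}
```

Running `main` prints the full command line for the sanitised id `tenant-7----etc` and the chroot `/srv/jailer/firecracker/tenant-7----etc/root`; in a real wrapper the same `Vec<String>` would be handed to `std::process::Command::new(&cfg.jailer_bin).args(args)`.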
1 parent: 2cd950d

5 files changed: 1169 additions & 1 deletion
