Preserve runtime dir across restart so reconcile re-finds VMs

v0.1.4 fixed the binary-level reconcile path for jailer'd VMs but
left a hole at the systemd layer: bangerd.service and bangerd-root.service
both defaulted to RuntimeDirectoryPreserve=no, so /run/banger was
wiped on every daemon stop. The api-sock symlinks the helper creates
for live VMs (`/run/banger/fc-<id>.sock` → `<chroot>/firecracker.socket`)
went with it, and findByJailerPidfile — which derives the chroot
from the symlink target — couldn't resolve them. Reconcile then fell
through to "stale_vm" and tore down the surviving FC's dm-snapshot.

Add RuntimeDirectoryPreserve=yes to both unit templates so the
symlinks survive the restart window. Live-verified end-to-end on
the dev host: started a VM under v0.1.5, restarted helper +
daemon, confirmed the FC PID was unchanged and `banger vm ssh`
returned the same boot_id pre and post.

Daemon-lifecycle tests updated to assert the new directive is
present in both rendered units so future regressions show up at
test time.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

internal/cli/daemon_lifecycle_test.go

@@ -164,6 +164,7 @@ func TestRenderSystemdUnitIncludesHardeningDirectives(t *testing.T) {
 		"CacheDirectoryMode=0700",
 		"RuntimeDirectory=banger",
 		"RuntimeDirectoryMode=0700",
+		"RuntimeDirectoryPreserve=yes",
 		`ReadOnlyPaths="/home/alice/dev home"`,
 	} {
 		if !strings.Contains(unit, want) {
@@ -189,6 +190,7 @@ func TestRenderRootHelperSystemdUnitIncludesRequiredCapabilities(t *testing.T) {
 		"ReadWritePaths=/var/lib/banger",
 		"RuntimeDirectory=banger-root",
 		"RuntimeDirectoryMode=0711",
+		"RuntimeDirectoryPreserve=yes",
 	} {
 		if !strings.Contains(unit, want) {
 			t.Fatalf("unit = %q, want %q", unit, want)