Rollback partial dm snapshot startup

Prevent partial VM startup failures from leaking loop devices and dm state on the host.

Move root snapshot setup into a rollback-safe helper that records loop and mapper handles incrementally, tears them down in reverse order on failure, and reuses the same dm/loop cleanup path during normal runtime teardown. Also switch the daemon runner field to a small command-runner interface so the snapshot path can be tested with injected failures.

Add failure-injection coverage for losetup, blockdev, dmsetup, partial teardown, and joined rollback errors. Validated with go test ./... and make build.

internal/daemon/daemon.go

@@ -26,7 +26,7 @@ type Daemon struct {
 	layout   paths.Layout
 	config   model.DaemonConfig
 	store    *store.Store
-	runner   system.Runner
+	runner   system.CommandRunner
 	mu       sync.Mutex
 	closing  chan struct{}
 	once     sync.Once