Add experimental Void guest workflow and vsock agent

Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path.

Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart.

Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path.

Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.

internal/config/config.go

@@ -22,6 +22,7 @@ type fileConfig struct {
 	SSHKeyPath         string `toml:"ssh_key_path"`
 	NamegenPath        string `toml:"namegen_path"`
 	CustomizeScript    string `toml:"customize_script"`
+	VSockAgent         string `toml:"vsock_agent_path"`
 	VSockPingHelper    string `toml:"vsock_ping_helper_path"`
 	DefaultWorkSeed    string `toml:"default_work_seed"`
 	DefaultImageName   string `toml:"default_image_name"`
@@ -83,17 +84,16 @@ func Load(layout paths.Layout) (model.DaemonConfig, error) {
 	if file.LogLevel != "" {
 		cfg.LogLevel = file.LogLevel
 	}
-	if file.SSHKeyPath != "" {
-		cfg.SSHKeyPath = file.SSHKeyPath
-	}
 	if file.NamegenPath != "" {
 		cfg.NamegenPath = file.NamegenPath
 	}
 	if file.CustomizeScript != "" {
 		cfg.CustomizeScript = file.CustomizeScript
 	}
-	if file.VSockPingHelper != "" {
-		cfg.VSockPingHelperPath = file.VSockPingHelper
+	if file.VSockAgent != "" {
+		cfg.VSockAgentPath = file.VSockAgent
+	} else if file.VSockPingHelper != "" {
+		cfg.VSockAgentPath = file.VSockPingHelper
 	}
 	if file.DefaultWorkSeed != "" {
 		cfg.DefaultWorkSeed = file.DefaultWorkSeed
@@ -197,7 +197,7 @@ func applyBundleMetadataDefaults(cfg *model.DaemonConfig, runtimeDir string, met
 	cfg.SSHKeyPath = defaultRuntimePath(cfg.SSHKeyPath, runtimeDir, meta.SSHKeyPath)
 	cfg.NamegenPath = defaultRuntimePath(cfg.NamegenPath, runtimeDir, meta.NamegenPath)
 	cfg.CustomizeScript = defaultRuntimePath(cfg.CustomizeScript, runtimeDir, meta.CustomizeScript)
-	cfg.VSockPingHelperPath = defaultRuntimePath(cfg.VSockPingHelperPath, runtimeDir, meta.VSockPingHelperPath)
+	cfg.VSockAgentPath = defaultRuntimePath(cfg.VSockAgentPath, runtimeDir, meta.VSockAgentPath)
 	cfg.DefaultWorkSeed = defaultRuntimePath(cfg.DefaultWorkSeed, runtimeDir, meta.DefaultWorkSeed)
 	cfg.DefaultKernel = defaultRuntimePath(cfg.DefaultKernel, runtimeDir, meta.DefaultKernel)
 	cfg.DefaultInitrd = defaultRuntimePath(cfg.DefaultInitrd, runtimeDir, meta.DefaultInitrd)
@@ -212,7 +212,10 @@ func applyLegacyRuntimeDefaults(cfg *model.DaemonConfig) {
 	cfg.SSHKeyPath = defaultRuntimePath(cfg.SSHKeyPath, cfg.RuntimeDir, "id_ed25519")
 	cfg.NamegenPath = defaultRuntimePath(cfg.NamegenPath, cfg.RuntimeDir, "namegen")
 	cfg.CustomizeScript = defaultRuntimePath(cfg.CustomizeScript, cfg.RuntimeDir, "customize.sh")
-	cfg.VSockPingHelperPath = defaultRuntimePath(cfg.VSockPingHelperPath, cfg.RuntimeDir, "banger-vsock-pingd")
+	cfg.VSockAgentPath = firstExistingRuntimePath(
+		defaultRuntimePath(cfg.VSockAgentPath, cfg.RuntimeDir, "banger-vsock-agent"),
+		filepath.Join(cfg.RuntimeDir, "banger-vsock-pingd"),
+	)
 	cfg.DefaultWorkSeed = defaultRuntimePath(cfg.DefaultWorkSeed, cfg.RuntimeDir, "rootfs-docker.work-seed.ext4")
 	cfg.DefaultKernel = defaultRuntimePath(cfg.DefaultKernel, cfg.RuntimeDir, "wtf/root/boot/vmlinux-6.8.0-94-generic")
 	cfg.DefaultInitrd = defaultRuntimePath(cfg.DefaultInitrd, cfg.RuntimeDir, "wtf/root/boot/initrd.img-6.8.0-94-generic")