install.sh: expand the pre-sudo summary beyond just networking

The previous one-liner ("banger needs permission to manage network
access for the VMs you launch") was honest but understated; banger
also needs sudo for storage (rootfs snapshots, loop devices, image
files), launching/stopping firecracker under jailer isolation, and
installing binaries + systemd units. Spell those out as a short
bulleted list at the moment of decision so the user is authorising
a known scope rather than a euphemism.

Wording stays plain-language — no capability names, no jargon —
since the target audience may not know networking or container
terminology.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

scripts/install.sh

@@ -168,9 +168,16 @@ About to install banger $TARGET_VERSION (requires sudo):
   /etc/systemd/system/bangerd.service       (background daemon)
   /etc/systemd/system/bangerd-root.service  (privileged helper)
 
-Why sudo: banger needs permission to automatically manage network
+banger needs your permission to:
-access for the VMs you launch. The privileged work runs in a small
+
-helper service; the rest runs as you.
+  • set up VM networking (bridges, NAT, DNS routing for <vm>.vm)
+  • manage VM storage (rootfs snapshots, loop devices, image files)
+  • launch and stop firecracker processes under jailer isolation
+  • install the binaries to /usr/local and the systemd units above
+
+Once installed, day-to-day commands like 'banger vm run' and
+'banger image pull' run as you. Only the narrow set of operations
+above goes through the privileged helper service.
 
 For details, see: $TRUST_DOC_URL