imagepull + kernelcat: allow absolute symlink targets

Container (and kernel) layers routinely ship symlinks with absolute
targets — /usr/bin/mawk, /lib/modules/<ver>/build, etc. Those are
interpreted relative to the rootfs at runtime (`/` inside the VM),
not against the host filesystem, so they are rooted inside dest by
construction and need no escape check at write time.

The previous logic resolved absolute Linknames literally (against
the host root), compared to the staging dir, and rejected everything
that didn't happen to live under it. That made `banger image pull
docker.io/library/debian:bookworm` fail on the very first symlink
("etc/alternatives/awk -> /usr/bin/mawk").

Relative targets still get the traversal check — a relative
Linkname with ../s can genuinely escape dest at write time even if
in-VM resolution would be safe — so the defense against malicious
relative chains is intact.

Tests:
 - TestFlattenAcceptsAbsoluteSymlink replaces the old overly-strict
   test, using the exact etc/alternatives/awk -> /usr/bin/mawk case
   that broke debian:bookworm.
 - TestFlattenRejectsRelativeSymlinkEscape confirms relative-with-
   traversal is still rejected with the same "unsafe symlink"
   error.

Same fix applied in internal/kernelcat/fetch.go for consistency;
future kernel bundles with absolute symlinks in the modules tree
would otherwise hit the same wall.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/imagepull/imagepull_test.go

@@ -237,11 +237,43 @@ func TestFlattenRejectsPathTraversal(t *testing.T) {
 	}
 }
 
-func TestFlattenRejectsUnsafeSymlink(t *testing.T) {
+func TestFlattenAcceptsAbsoluteSymlink(t *testing.T) {
+	// Container layers regularly contain absolute symlinks like
+	// /usr/bin/mawk — they're interpreted relative to the rootfs at
+	// boot time, not against the host filesystem. They must extract
+	// cleanly.
 	host := startRegistry(t)
-	ref := pushImage(t, host, "banger/test", "evil-sym",
+	ref := pushImage(t, host, "banger/test", "abs-sym",
 		makeLayer(t, []tarMember{
-			{name: "evil", symlink: true, link: "/etc/passwd"}, // absolute target outside dest
+			{name: "etc/alternatives/awk", symlink: true, link: "/usr/bin/mawk"},
+		}),
+	)
+	pulled, err := Pull(context.Background(), ref, t.TempDir())
+	if err != nil {
+		t.Fatalf("Pull: %v", err)
+	}
+	dest := t.TempDir()
+	if err := Flatten(context.Background(), pulled, dest); err != nil {
+		t.Fatalf("Flatten: %v", err)
+	}
+	link := filepath.Join(dest, "etc/alternatives/awk")
+	target, err := os.Readlink(link)
+	if err != nil {
+		t.Fatalf("readlink: %v", err)
+	}
+	if target != "/usr/bin/mawk" {
+		t.Errorf("link target = %q, want /usr/bin/mawk", target)
+	}
+}
+
+func TestFlattenRejectsRelativeSymlinkEscape(t *testing.T) {
+	// Relative symlinks with .. must still be rejected: the resolved
+	// path can escape dest at the host level even if the in-VM
+	// resolution would be safe.
+	host := startRegistry(t)
+	ref := pushImage(t, host, "banger/test", "rel-escape",
+		makeLayer(t, []tarMember{
+			{name: "etc/evil", symlink: true, link: "../../../../etc/passwd"},
 		}),
 	)
 	pulled, err := Pull(context.Background(), ref, t.TempDir())
@@ -250,7 +282,7 @@ func TestFlattenRejectsUnsafeSymlink(t *testing.T) {
 	}
 	err = Flatten(context.Background(), pulled, t.TempDir())
 	if err == nil || !strings.Contains(err.Error(), "unsafe symlink") {
-		t.Fatalf("Flatten unsafe symlink: err=%v", err)
+		t.Fatalf("Flatten relative escape: err=%v", err)
 	}
 }