Add stopped-workspace disk export and inspection

Finish the 3.1.0 secondary disk-tools milestone so stable workspaces can be
stopped, inspected offline, exported as raw ext4 images, and started again
without changing the primary workspace-first interaction model.

Add workspace stop/start plus workspace disk export/list/read across the CLI,
SDK, and MCP, backed by a new offline debugfs inspection helper and guest-only
validation. Scrub runtime-only guest state before disk inspection/export, and
fix the real guest reliability gaps by flushing the filesystem on stop and
removing stale Firecracker socket files before restart.

Update the docs, examples, changelog, and roadmap to mark 3.1.0 done, and
cover the new lifecycle/disk paths with API, CLI, manager, contract, and
package-surface tests.

Validation: uv lock; UV_CACHE_DIR=.uv-cache make check; UV_CACHE_DIR=.uv-cache
make dist-check; real guest-backed smoke for create, shell/service activity,
stop, workspace disk list/read/export, start, exec, and delete.

README.md

@@ -21,7 +21,7 @@ It exposes the same runtime in three public forms:
 - Stable workspace walkthrough GIF: [docs/assets/workspace-first-run.gif](docs/assets/workspace-first-run.gif)
 - Terminal walkthrough GIF: [docs/assets/first-run.gif](docs/assets/first-run.gif)
 - PyPI package: [pypi.org/project/pyro-mcp](https://pypi.org/project/pyro-mcp/)
-- What's new in 3.0.0: [CHANGELOG.md#300](CHANGELOG.md#300)
+- What's new in 3.1.0: [CHANGELOG.md#310](CHANGELOG.md#310)
 - Host requirements: [docs/host-requirements.md](docs/host-requirements.md)
 - Integration targets: [docs/integrations.md](docs/integrations.md)
 - Public contract: [docs/public-contract.md](docs/public-contract.md)
@@ -58,7 +58,7 @@ What success looks like:
 ```bash
 Platform: linux-x86_64
 Runtime: PASS
-Catalog version: 3.0.0
+Catalog version: 3.1.0
 ...
 [pull] phase=install environment=debian:12
 [pull] phase=ready environment=debian:12
@@ -107,6 +107,7 @@ That stable workspace path gives you:
 - full-sandbox recovery with `workspace reset`
 - baseline comparison with `workspace diff`
 - explicit host-out export with `workspace export`
+- secondary stopped-workspace disk inspection with `workspace stop|start` and `workspace disk *`
 
 After the quickstart works:
 
@@ -123,6 +124,8 @@ After the quickstart works:
 - open a persistent interactive shell with `uvx --from pyro-mcp pyro workspace shell open WORKSPACE_ID`
 - start long-running workspace services with `uvx --from pyro-mcp pyro workspace service start WORKSPACE_ID app --ready-file .ready -- sh -lc 'touch .ready && while true; do sleep 60; done'`
 - publish one guest service port to the host with `uvx --from pyro-mcp pyro workspace create debian:12 --network-policy egress+published-ports` and `uvx --from pyro-mcp pyro workspace service start WORKSPACE_ID app --ready-http http://127.0.0.1:8080/ --publish 18080:8080 -- ./start-app`
+- stop a workspace for offline inspection with `uvx --from pyro-mcp pyro workspace stop WORKSPACE_ID`
+- inspect or export one stopped guest rootfs with `uvx --from pyro-mcp pyro workspace disk list WORKSPACE_ID`, `uvx --from pyro-mcp pyro workspace disk read WORKSPACE_ID note.txt`, and `uvx --from pyro-mcp pyro workspace disk export WORKSPACE_ID --output ./workspace.ext4`
 - move to Python or MCP via [docs/integrations.md](docs/integrations.md)
 
 ## Supported Hosts
@@ -176,7 +179,7 @@ uvx --from pyro-mcp pyro env list
 Expected output:
 
 ```bash
-Catalog version: 3.0.0
+Catalog version: 3.1.0
 debian:12 [installed|not installed] Debian 12 environment with Git preinstalled for common agent workflows.
 debian:12-base [installed|not installed] Minimal Debian 12 environment for shell and core Unix tooling.
 debian:12-build [installed|not installed] Debian 12 environment with Git and common build tools preinstalled.
@@ -275,6 +278,11 @@ pyro workspace service status WORKSPACE_ID web
 pyro workspace service logs WORKSPACE_ID web --tail-lines 50
 pyro workspace service stop WORKSPACE_ID web
 pyro workspace service stop WORKSPACE_ID worker
+pyro workspace stop WORKSPACE_ID
+pyro workspace disk list WORKSPACE_ID
+pyro workspace disk read WORKSPACE_ID src/note.txt
+pyro workspace disk export WORKSPACE_ID --output ./workspace.ext4
+pyro workspace start WORKSPACE_ID
 pyro workspace logs WORKSPACE_ID
 pyro workspace delete WORKSPACE_ID
 ```
@@ -283,7 +291,7 @@ Persistent workspaces start in `/workspace` and keep command history until you d
 machine consumption, add `--json` and read the returned `workspace_id`. Use `--seed-path` when
 you want the workspace to start from a host directory or a local `.tar` / `.tar.gz` / `.tgz`
 archive instead of an empty workspace. Use `pyro workspace sync push` when you want to import
-later host-side changes into a started workspace. Sync is non-atomic in `3.0.0`; if it fails
+later host-side changes into a started workspace. Sync is non-atomic in `3.1.0`; if it fails
 partway through, prefer `pyro workspace reset` to recover from `baseline` or one named snapshot.
 Use `pyro workspace diff` to compare the live `/workspace` tree to its immutable create-time
 baseline, and `pyro workspace export` to copy one changed file or directory back to the host. Use
@@ -301,7 +309,9 @@ service must be probed from the host on `127.0.0.1`.
 Use `--secret` and `--secret-file` at workspace creation when the sandbox needs private tokens or
 config. Persisted secrets are materialized inside the guest at `/run/pyro-secrets/<name>`, and
 `--secret-env SECRET_NAME[=ENV_VAR]` maps one secret into one exec, shell, or service call without
-exposing the raw value in workspace status, logs, diffs, or exports.
+exposing the raw value in workspace status, logs, diffs, or exports. Use `pyro workspace stop`
+plus `pyro workspace disk list|read|export` when you need offline inspection or one raw ext4 copy
+from a stopped guest-backed workspace, then `pyro workspace start` to resume the same workspace.
 
 ## Public Interfaces