Add seeded task workspace creation

Current persistent tasks started with an empty workspace, which blocked the first useful host-to-task workflow in the task roadmap. This change lets task creation start from a host directory or tar archive without changing the one-shot VM surfaces.

Expose source_path on task create across the CLI, SDK, and MCP, add safe archive upload and extraction support for guest and host-compat backends, persist workspace_seed metadata, and patch the per-task rootfs with the bundled guest agent before boot so seeded guest tasks work without republishing environments. Also switch post--- command reconstruction to shlex.join() so documented sh -lc task examples preserve argument boundaries.

Validation:
- uv lock
- UV_CACHE_DIR=.uv-cache uv run pytest --no-cov tests/test_vm_guest.py tests/test_vm_manager.py tests/test_cli.py tests/test_api.py tests/test_server.py tests/test_public_contract.py
- UV_CACHE_DIR=.uv-cache make check
- UV_CACHE_DIR=.uv-cache make dist-check
- real guest-backed smoke: task create --source-path, task exec -- cat note.txt, task delete

runtime_sources/README.md

@@ -34,7 +34,7 @@ Kernel build note:
 Current status:
 1. Firecracker and Jailer are materialized from pinned official release artifacts.
 2. The kernel and rootfs images are built from pinned inputs into `build/runtime_sources/`.
-3. The guest agent is installed into each rootfs and used for vsock exec.
+3. The guest agent is installed into each rootfs and used for vsock exec plus workspace archive imports.
 4. `runtime.lock.json` now advertises real guest capabilities.
 
 Safety rule: