vmsig: management daemon, runtime endpoint lifecycle, roster, discovery, in-tree drivers, packaging

- core: runtime attach/detach of a per-endpoint adapter trio (runtime-safe add_adapter + vmsig_core_detach_endpoint, deferred reap)
- roster: VMSIG_EV_ROSTER + CAP_ROSTER, retained per-endpoint and replayed to late subscribers
- discovery: inotify trigger dir, vmid/endpoint slot allocator, host probe; vmsigd daemon with config + per-uid admission
- input driver and vgpu perception built in-tree; vgpu perception as a separate library
- memctx: own the supplied ro_fd (closed at detach)
- deb packaging: install rules, systemd unit, tmpfiles, default config

packaging/systemd/vmsigd.service

@@ -0,0 +1,41 @@
+[Unit]
+Description=vmsig VM signaling coherence daemon
+# No host/VM is named here: the daemon serves whatever appears under its watch dir.
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+# root: reads QEMU-owned /dev/shm RAM backings, dials per-VM QMP, reads /etc/pve (OS-DAC).
+# The security boundary is the per-uid grant, not the process uid; per-VM isolation, if
+# required, is the deployment's job (process-per-VM), not this daemon's.
+User=root
+ExecStart=/usr/sbin/vmsigd
+Restart=on-failure
+RestartSec=2
+
+# systemd creates and owns /run/vmsig (the control socket dir) and cleans it on stop.
+RuntimeDirectory=vmsig
+RuntimeDirectoryMode=0755
+
+StandardOutput=journal
+StandardError=journal
+
+# ---- hardening: contain a root daemon by namespace/capability, not by uid ----
+NoNewPrivileges=true
+ProtectSystem=strict
+ReadWritePaths=/dev/shm/vmsig /run/vmsig
+ReadOnlyPaths=/etc/pve /var/run/qemu-server
+ProtectHome=true
+PrivateTmp=true
+RestrictAddressFamilies=AF_UNIX
+CapabilityBoundingSet=
+AmbientCapabilities=
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target