Implement tuf support #9

Merged
mobileoverlord merged 14 commits into main from jschneck/tuf
Feb 23, 2026

@mobileoverlord
Contributor

Add runtime management, TUF-based updates, and JSON output

Summary

This PR introduces runtime lifecycle management to avocadoctl, enabling devices to stage, activate, inspect, and update complete runtime images via content-addressable storage and TUF (The Update Framework) verified updates. It also adds machine-readable JSON output across all commands.

10 commits, 15 files changed (+4,420 / -399 lines)

New Features

Runtime management (avocadoctl runtime)

  • runtime list -- list all staged runtimes and identify the active one
  • runtime add --url <tuf-repo> -- fetch and stage a runtime from a TUF repository with signature and hash verification
  • runtime add --manifest <path> -- stage a runtime from a local manifest file
  • runtime remove <id> -- remove a staged runtime (with active-runtime safety guard)
  • runtime activate <id> -- activate a staged runtime by swinging the active symlink
  • runtime inspect <id> -- display runtime details including extensions and image paths

TUF-based verified updates (src/update.rs)

  • Full TUF client implementation: fetches timestamp.json and targets.json, verifies ed25519 signatures against a locally provisioned root of trust, and validates SHA-256 hashes on all downloaded targets
  • Incremental downloads -- skips images already present locally via content-addressable deduplication

Content-addressable image storage (src/manifest.rs, src/staging.rs)

  • Runtime manifests (v1 and v2) describe extension images with either human-readable filenames or UUIDv5 content-addressable image_ids
  • Staging layer validates that all referenced images exist on disk before activation
  • Image deduplication: identical extension images across runtimes share a single copy in the images/ directory

Root authority inspection (avocadoctl root-authority)

  • Displays the device's trusted signing keys, role thresholds, and metadata expiration from the provisioned root.json

Machine-readable output (--output json / -o json)

  • Global --output flag added; table (default) or json
  • status, merge, unmerge, refresh, enable, disable all emit structured JSON when requested
  • OutputManager updated to suppress human-readable decoration in JSON mode

Changes to existing code

  • ext commands -- status_extensions now loads the active runtime manifest and enriches status output with runtime metadata; enable / disable warn when an active manifest is present (manifest takes precedence over symlink discovery); lifecycle events now respect per-scope enablement checks
  • config -- new runtimes_dir config key and get_avocado_base_dir() accessor (respects AVOCADO_BASE_DIR env var, then config, then /var/lib/avocado default)

Dependencies

New crate dependencies added to Cargo.toml / Cargo.lock: tough (TUF metadata parsing), ed25519-compact (signature verification), sha2 (hash verification), uuid (content-addressable IDs), and their transitive dependencies.

@mobileoverlord force-pushed the jschneck/tuf branch 2 times, most recently from e49a707 to 3553ab8, February 23, 2026 21:08
@mobileoverlord merged commit d9733f9 into main, Feb 23, 2026
2 checks passed
@mobileoverlord deleted the jschneck/tuf branch, February 23, 2026 21:29
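
The activation and removal rules listed in the description (referenced images checked before activation, the active symlink swung to the new runtime, the active runtime protected from removal), sketched as an added example. This is not code from the PR or from avocadoctl; the directory layout, the `images.txt` listing, the id format and every function name are assumptions.

```rust
use std::{fs, io, os::unix::fs::symlink, path::Path};

// Assumed layout (hypothetical, not avocadoctl's): <base>/images/<image_id>, <base>/active
// -> runtimes/<id>, and runtimes/<id>/images.txt (one id per line) standing in for a manifest.
fn err(kind: io::ErrorKind, msg: &str) -> io::Error { io::Error::new(kind, msg.to_string()) }
// Assumed id format; rejecting anything else keeps "../" out of joined paths.
fn check_id(id: &str) -> io::Result<()> {
    let ok = !id.is_empty() && id.chars().all(|c| c.is_ascii_alphanumeric() || c == '-');
    if ok { Ok(()) } else { Err(err(io::ErrorKind::InvalidInput, "bad runtime id")) }
}

fn active_id(base: &Path) -> Option<String> {
    let target = fs::read_link(base.join("active")).ok()?;
    Some(target.file_name()?.to_string_lossy().into_owned())
}

// Activate only when every referenced image is on disk, then swap the link with
// rename(2), which replaces `active` atomically on POSIX filesystems.
fn activate(base: &Path, id: &str) -> io::Result<()> {
    check_id(id)?;
    let listing = fs::read_to_string(base.join("runtimes").join(id).join("images.txt"))?;
    if listing.lines().map(str::trim).any(|l| !l.is_empty() && !base.join("images").join(l).is_file()) {
        return Err(err(io::ErrorKind::NotFound, "referenced image missing"));
    }
    let tmp = base.join(".active.tmp");
    let _ = fs::remove_file(&tmp); // leftover from an interrupted run
    symlink(Path::new("runtimes").join(id), &tmp)?;
    fs::rename(&tmp, base.join("active"))
}

// Safety guard: the runtime that `active` points at cannot be removed.
fn remove(base: &Path, id: &str) -> io::Result<()> {
    check_id(id)?;
    if active_id(base).as_deref() == Some(id) {
        return Err(err(io::ErrorKind::PermissionDenied, "runtime is active"));
    }
    fs::remove_dir_all(base.join("runtimes").join(id))
}

fn main() -> io::Result<()> {
    // Constructed sample state in a scratch directory.
    let base = std::env::temp_dir().join(format!("avocado-demo-{}", std::process::id()));
    fs::create_dir_all(base.join("images"))?;
    fs::create_dir_all(base.join("runtimes/rt-a"))?;
    fs::write(base.join("images/img-1"), b"x")?;
    fs::write(base.join("runtimes/rt-a/images.txt"), "img-1\nimg-2\n")?;
    println!("img-2 missing -> {:?}", activate(&base, "rt-a").map_err(|e| e.kind()));
    fs::remove_dir_all(&base)
}
```

Because the new link is created under a temporary name and renamed into place, a reader of `active` sees either the old runtime or the new one, never a missing link.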