…sertion

# Conflicts:
#	test/test_helper.exs

…zer)

- format two test files (codec_test, oci_loader_test)
- credo --strict: drop redundant with-clause result; cond -> if in publish_file
- sha256_file: File.stream!/3 arg order was wrong (modes/bytes swapped) -- a real
  hashing bug; switch to the shared Hyper.Redist.Sha256.file/1 helper
- dialyzer: silence the Ecto.Multi opacity false positive in record/3

- drop Umoci.test_system/0; node boot just calls ensure_installed (a bad
  operator-set path is caught at load time via OciLoader.test_system)
- flatten umoci asset/url/sha256 into a single @downloads map (firecracker shape);
  drop asset_for/1, asset_url/1
- delete codec_test.exs and umoci_test.exs; trim OciLoader source/1 + goarch/1
  tests -- validation/mapping the type system already constrains

Promote Hyper.Img to a real module: create/2 takes a prepared image file path,
content-addresses it, publishes it into the media store, and records the base
image (blobs + images + image_layers). OciLoader now only converts an OCI ref to
an ext4 rootfs and hands the path to Hyper.Img.create/2 -- the store/DB concern
no longer lives inline in the loader.

@decorate with_span on create/2 (parent), content_id (sha256), and publish
(file move); the record DB work is already traced by OpentelemetryEcto.

- OciLoader.load: info on start + success, warning on failure
- debug logs at the slow stages (pull/flatten, ext4 build)
- Umoci: info when it downloads the default binary

ext4_size/dir_size/build_ext4 now speak Unit.Information instead of raw byte
ints + @mib/@base_overhead_bytes/@floor_bytes constants.

1. umoci unpack now passes --rootless (plain unpack chown/mknod fails EPERM on
   the unprivileged BEAM, breaking every non-trivial image)
2. place/2 removes the partial destination if a cross-fs copy fails (else the
   next load reuses a truncated rootfs)
3. ext4 sizing now uses block-aware du -sB1, sizes in the inode table, and
   passes mke2fs -N <file-count + headroom> so inode-dense images don't fail
4. test_system/0 guards Sys.Arch.current up front so an unsupported arch returns
   an error tuple instead of raising MatchError through Umoci.bin/0
5. create/2 rolls back a newly-published store file when record/3 fails (a
   reused/pre-existing file is left alone)