migrate ISO build from Alpine to Debian 12 (Bookworm)

Replace the entire live CD build pipeline:
- Alpine SDK + mkimage + genapkovl → Debian live-build (lb config/build)
- OpenRC init scripts → systemd service units
- dropbear → openssh-server (native to Debian live)
- udhcpc → dhclient for DHCP
- apk → apt-get in setup-builder.sh and build-nvidia-module.sh
- Add auto/config (lb config options) and auto/build wrapper
- Add config/package-lists/bee.list.chroot replacing Alpine apks
- Add config/hooks/normal/9000-bee-setup.hook.chroot to enable services
- Add bee-nvidia-load and bee-sshsetup helper scripts
- Keep NVIDIA pre-compile pipeline (Option B): compile on builder VM against
  pinned Debian kernel headers (DEBIAN_KERNEL_ABI), inject .ko into includes.chroot
- Fixes: native glibc (no gcompat shims), proper udev, writable /lib/modules,
  no Alpine modloop read-only constraint, no stale apk cache issues

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

iso/builder/config/hooks/normal/9000-bee-setup.hook.chroot

@@ -0,0 +1,29 @@
+#!/bin/sh
+# 9000-bee-setup.hook.chroot — runs inside Debian chroot during live-build
+# Enables bee systemd services and configures the live environment.
+set -e
+
+echo "=== bee chroot setup ==="
+
+# Enable bee services
+systemctl enable bee-network.service
+systemctl enable bee-nvidia.service
+systemctl enable bee-audit.service
+systemctl enable bee-sshsetup.service
+systemctl enable ssh.service
+
+# Ensure scripts are executable
+chmod +x /usr/local/bin/bee-network.sh  2>/dev/null || true
+chmod +x /usr/local/bin/bee-nvidia-load 2>/dev/null || true
+chmod +x /usr/local/bin/bee-sshsetup   2>/dev/null || true
+chmod +x /usr/local/bin/bee-smoketest  2>/dev/null || true
+chmod +x /usr/local/bin/bee-tui        2>/dev/null || true
+chmod +x /usr/local/bin/audit          2>/dev/null || true
+
+# Reload udev rules
+udevadm control --reload-rules 2>/dev/null || true
+
+# Create log directory
+mkdir -p /var/log
+
+echo "=== bee chroot setup complete ==="