feat(iso): 2.1-2.3 — debug ISO builder with SSH access

Builder setup:
- iso/builder/VERSIONS: pinned Alpine 3.21, Go 1.23.6, NVIDIA 550.54.15
- iso/builder/setup-builder.sh: installs build deps + Go on Alpine VM, verifies packages
- iso/builder/build-debug.sh: compiles audit binary, injects SSH keys, builds ISO
- iso/builder/mkimg.bee_debug.sh: Alpine mkimage profile (all audit packages + dropbear)

SSH access (same Ed25519 key as release signing):
- auto-collects ~/.keys/*.key.pub into authorized_keys at build time
- fallback: user bee / password eeb when no keys available
- bee-sshsetup init.d service: creates bee user, sets password, logs status

Debug overlay:
- bee-network: DHCP on all physical interfaces before SSH/audit
- bee-audit-debug: runs audit on boot, leaves SSH up after
- bee-sshsetup: key/password SSH setup
- motd: shows log paths, re-run command, SSH access info

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

iso/overlay-debug/etc/init.d/bee-audit-debug

@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+
+description="Bee: run hardware audit (debug mode — SSH stays up after)"
+
+depend() {
+    need localmount
+    after bee-network
+}
+
+start() {
+    ebegin "Running hardware audit"
+    /usr/local/bin/audit --output stdout > /var/log/bee-audit.json 2>/var/log/bee-audit.log
+    local rc=$?
+    if [ $rc -eq 0 ]; then
+        einfo "Audit complete: /var/log/bee-audit.json"
+        einfo "SSH in and inspect results. Dropbear is running."
+    else
+        ewarn "Audit finished with errors — check /var/log/bee-audit.log"
+    fi
+    eend 0
+}

iso/overlay-debug/etc/init.d/bee-network

@@ -0,0 +1,15 @@
+#!/sbin/openrc-run
+
+description="Bee: bring up network interfaces via DHCP"
+
+depend() {
+    need localmount
+    before bee-audit-debug
+    before dropbear
+}
+
+start() {
+    ebegin "Bringing up network interfaces"
+    /usr/local/bin/bee-network.sh >> /var/log/bee-network.log 2>&1
+    eend 0
+}

iso/overlay-debug/etc/init.d/bee-sshsetup

@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+
+description="Bee: configure SSH access (keys or password fallback)"
+
+depend() {
+    need localmount
+    before dropbear
+}
+
+start() {
+    # Always create dedicated 'bee' user for password fallback.
+    # If no SSH keys embedded: login with bee / eeb
+    if ! id bee > /dev/null 2>&1; then
+        adduser -D -s /bin/sh bee > /dev/null 2>&1
+    fi
+    printf 'eeb\neeb\n' | passwd bee > /dev/null 2>&1
+
+    if [ -f /etc/bee-ssh-password-fallback ]; then
+        ebegin "SSH key auth unavailable — password fallback active"
+        ewarn "Login: bee / eeb"
+        ewarn "Generate a key: sh keys/scripts/keygen.sh <name>"
+        eend 0
+    else
+        ebegin "SSH key auth configured"
+        # bee user exists but password login less useful when keys work
+        eend 0
+    fi
+}