Add chroot hook to strip all xattrs before squashfs creation

mksquashfs 4.5.1 (bookworm) writes a non-SQUASHFS_INVALID_BLK value for
xattr_id_table_start in the superblock even when -no-xattrs is passed, if
the source chroot contains POSIX ACL xattrs set by dpkg at install time.
Linux 6.1 squashfs driver then fails with "unable to read xattr id index
table" and refuses to mount the filesystem.

Strip all xattrs from the chroot via Python3 (already present) immediately
before mksquashfs runs. With an xattr-free source tree the resulting
squashfs is guaranteed to have SQUASHFS_INVALID_BLK in the xattr field.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

iso/builder/config/hooks/normal/9998-strip-xattrs.hook.chroot

@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+# 9998-strip-xattrs.hook.chroot
+#
+# mksquashfs 4.5.1 (Debian bookworm) writes a non-INVALID xattr_id_table_start
+# even with -no-xattrs when the source tree contains POSIX ACL xattrs set by
+# dpkg/install-time.  Linux 6.1 squashfs driver then fails with
+# "unable to read xattr id index table" and aborts the mount.
+#
+# Strip all xattrs from the live chroot before mksquashfs sees the tree so the
+# resulting squashfs has SQUASHFS_INVALID_BLK in xattr_id_table_start.
+
+import os
+
+def strip(path):
+    try:
+        for attr in os.listxattr(path, follow_symlinks=False):
+            try:
+                os.removexattr(path, attr, follow_symlinks=False)
+            except OSError:
+                pass
+    except OSError:
+        pass
+
+removed = 0
+for root, dirs, files in os.walk('/', topdown=True, followlinks=False):
+    for name in dirs + files:
+        p = os.path.join(root, name)
+        try:
+            attrs = os.listxattr(p, follow_symlinks=False)
+            if attrs:
+                strip(p)
+                removed += len(attrs)
+        except OSError:
+            pass
+    strip(root)
+
+print(f"9998-strip-xattrs: removed xattrs from {removed} entries")