
Extract QEMU/virtiofsd logic into bcvk-qemu crate#215

Merged
cgwalters merged 1 commit into bootc-dev:main from cgwalters:qemu-internals-crates on Feb 27, 2026

Conversation

@cgwalters (Collaborator)

Right now we have this unfortunate duality in that for ephemeral we directly spawn qemu, but obviously the libvirt verb defers all that to libvirt.

There are other use cases that effectively want to directly control qemu, and while there are certainly other Rust libraries wrapping qemu, ours is okay.

This makes our internals a crate that could be used as a git dependency (no intention to publish to crates.io).

The kit crate now re-exports from bcvk-qemu to maintain backward compatibility. A QemuConfigExt trait bridges kit's Format type with bcvk-qemu's DiskFormat.

Tested by patching bootc PR #2018 to use bcvk-qemu via [patch.crates-io], which builds successfully and uses spawn_virtiofsd_async() for the anaconda test infrastructure.

Assisted-by: OpenCode (claude-opus-4-5-20250114)

Signed-off-by: Colin Walters <walters@verbum.org>
@gemini-code-assist (bot) left a comment

Code Review

This pull request refactors the project by extracting QEMU and virtiofsd logic into a new bcvk-qemu crate, improving modularity and reusability. The new crate is well-structured, and the kit crate is adapted cleanly. However, a security audit identified potential injection vulnerabilities where untrusted input (from CLI arguments or the guest VM) is used to construct QEMU command-line arguments or systemd notifications without proper escaping or sanitization. Specifically, unescaped commas in QEMU arguments can lead to option injection, and unescaped newlines in VSOCK data can lead to notification spoofing, which are critical for robust isolation between the host and the guest VM. Additionally, there is a suggestion for improvement regarding socket handling in the vsock implementation.

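The two classes of issue the bot flags are independent of bcvk's actual code: QEMU's option parser (`-drive`, `-device`, `-chardev`, ...) treats a single `,` as a field separator and `,,` as a literal comma, so an untrusted path containing a comma can append extra options unless it is escaped; and the systemd notify protocol is newline-separated `KEY=VALUE` assignments, so guest text forwarded into a notification without a newline check can smuggle in `READY=1` or `STOPPING=1`. The following is an added example written for this page, not code from bcvk or the PR; the function names (`qemu_escape`, `drive_arg`, `split_qemu_fields`, `check_guest_notify`, `notify_datagram`) and the assumption that a host-side forwarder relays guest status text as `STATUS=` assignments are mine.

```rust
// Added example (not bcvk code): escaping untrusted values for QEMU's
// comma-separated option syntax, and guarding systemd notify messages
// assembled from guest-supplied vsock data.

/// Escape a value for use inside a QEMU comma-separated option list.
/// QEMU reads ",," as a literal comma and "," as a field separator,
/// so doubling every comma is the documented escape.
pub fn qemu_escape(value: &str) -> String {
    value.replace(',', ",,")
}

/// Build a `-drive` argument. `path` is untrusted (e.g. a CLI argument);
/// `format` is assumed to come from a trusted enum, but escaping it too
/// would be harmless.
pub fn drive_arg(path: &str, format: &str) -> String {
    format!("file={},format={},if=virtio", qemu_escape(path), format)
}

/// Split an option string into fields the way QEMU's parser does:
/// ",," yields a literal comma, a single "," separates fields.
/// Used here only to show what the guest-facing side would see.
pub fn split_qemu_fields(arg: &str) -> Vec<String> {
    let mut fields = Vec::new();
    let mut cur = String::new();
    let mut chars = arg.chars().peekable();
    while let Some(c) = chars.next() {
        if c == ',' {
            if chars.peek() == Some(&',') {
                chars.next();
                cur.push(',');
            } else {
                fields.push(std::mem::take(&mut cur));
            }
        } else {
            cur.push(c);
        }
    }
    fields.push(cur);
    fields
}

#[derive(Debug, PartialEq)]
pub enum NotifyError {
    EmbeddedNewline,
    DisallowedKey(String),
    Malformed,
}

/// Keys the guest may forward. Lifecycle keys such as READY, STOPPING
/// and RELOADING are reserved for the host-side supervisor.
const GUEST_ALLOWED_KEYS: &[&str] = &["STATUS"];

/// Validate one assignment received from the guest over vsock before
/// it is forwarded to the host's NOTIFY_SOCKET. Rejecting CR/LF is what
/// prevents a guest from terminating the STATUS line and starting a new
/// READY=1 assignment of its own.
pub fn check_guest_notify(line: &str) -> Result<(String, String), NotifyError> {
    if line.contains('\n') || line.contains('\r') {
        return Err(NotifyError::EmbeddedNewline);
    }
    let (key, value) = line.split_once('=').ok_or(NotifyError::Malformed)?;
    if !GUEST_ALLOWED_KEYS.contains(&key) {
        return Err(NotifyError::DisallowedKey(key.to_string()));
    }
    Ok((key.to_string(), value.to_string()))
}

/// Assemble the datagram for the notify socket: one assignment per line,
/// as sd_notify(3) specifies. Only pass values that passed the check above.
pub fn notify_datagram(assignments: &[(String, String)]) -> String {
    assignments.iter().map(|(k, v)| format!("{k}={v}\n")).collect()
}

fn main() {
    // Constructed untrusted input: a path that carries an extra option.
    let untrusted = "disk.img,readonly=on";
    println!("naive:   {:?}", split_qemu_fields(&format!("file={untrusted},format=raw")));
    println!("escaped: {:?}", split_qemu_fields(&drive_arg(untrusted, "raw")));
    // Constructed guest message attempting to spoof readiness.
    println!("guest:   {:?}", check_guest_notify("STATUS=boot ok\nREADY=1"));
}
```

The naive build yields three fields (`file=disk.img`, `readonly=on`, `format=raw`), i.e. the guest-supplied `readonly=on` becomes a real drive option; the escaped build keeps it inside the `file=` value. On the notify side, an allow-list of keys plus the newline check is stricter than escaping alone, since there is no escape sequence for a newline in the notify protocol to fall back on.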
@ckyrouac (Contributor) left a comment

I did a quick read through looking for anything obviously wrong or malicious. LGTM

@cgwalters cgwalters merged commit 7187771 into bootc-dev:main Feb 27, 2026
12 of 13 checks passed