zedagent: extend docs with internals and startup sequence

[eriknordmark]

Description

This PR contains two commits extending the zedagent package with documentation
and unit tests.

Commit 1: zedagent: extend docs with internals and startup sequence

pkg/pillar/docs/zedagent.md gains two new sections:

• Startup Sequence – documents the 13-step, gate-based initialization
  that zedagent performs before entering its main event loop. Each gate
  (onboarding, NodeAgentStatus, cipher, Zboot, DNS) is explained with
  the reason it must block before the next stage can proceed.
• Goroutine Architecture – documents the long-running goroutines
  launched at startup (objectInfoTask, metricsTask, etc.) and the
  central mainEventLoop that dispatches pubsub events.

pkg/pillar/docs/zedagent-internals.md is a new file covering:

• Full pubsub map: every publication and subscription with topic type,
  pubsub key, and the producer/consumer agent.
• Handler naming conventions and the Create/Modify/Delete/Impl pattern
  used throughout the codebase.
• Metric and info publish pipeline, tracing data flow from source
  microservices through zedagent to the controller.
• Eden integration test guidance: how to write testscripts that
  correctly reference proto field paths for info, metric, and flow-log
  messages (including the MetricContent oneof vs. direct fields
  distinction that is a common source of test errors).

Commit 2: zedagent: unit tests for bootstrap and global config loading

Adds unit tests and supporting refactoring to cover the zedagent startup
sequence paths that are not exercised by Eden e2e tests (bootstrap config
loading, global config loading, and DPC publication from bootstrap).

pkg/pillar/cmd/zedagent/handleconfig.go is refactored to expose
testable entry points:

• validateBootstrapConfig(bootstrapFile, rootCertFile string) – performs
  the full cert-chain verification and ECDSA signature check without
  requiring a live getconfigContext.
• loadBootstrapConfigImpl(ctx, bootstrapFile, rootCertFile string) –
  delegates from the existing loadBootstrapConfig.
• loadGlobalConfigImpl(ctx, globalConfigFile, authorizedKeysFile string) –
  delegates from the existing loadGlobalConfig.

pkg/pillar/controllerconn/authen.go gains
VerifyLeavesCertChainWithRootPEM so tests can supply their own root cert
PEM instead of reading /config/root-certificate.pem from disk.

pkg/pillar/cmd/zedagent/handleconfig_test.go (new) contains 10 tests:

• TestValidateBootstrapConfigMissingFile – no file → (nil, nil)
• TestValidateBootstrapConfigSuccess – valid signed proto → parsed config
• TestValidateBootstrapConfigMalformedProto – corrupt bytes → error
• TestValidateBootstrapConfigInvalidCertChain – wrong root CA → error
• TestValidateBootstrapConfigInvalidSignature – flipped signature bit → error
• TestBootstrapConfigPublishesDPC – bootstrap config with SystemAdapter
  publishes a DevicePortConfig with NetworkConfigOriginBootstrap
• TestLoadGlobalConfigMissingFile – no file → false
• TestLoadGlobalConfigSuccess – valid JSON → globalConfig updated
• TestLoadGlobalConfigWithAuthorizedKeys – authorized_keys file content
  propagated to SSHAuthorizedKeys config item
• TestLoadGlobalConfigMalformedJSON – invalid JSON → false

PR dependencies

None.

How to test and validate this PR

cd pkg/pillar
go test ./cmd/zedagent/... -count=1 -v

All 10 new tests should pass. The rest of the documentation can be reviewed
as rendered Markdown in pkg/pillar/docs/.

Changelog notes

No user-facing changes. Internal documentation and unit test improvements
for the zedagent microservice.

PR Backports

• 16.0-stable: No – documentation and tests only, no bug fix.
• 14.5-stable: No.
• 13.4-stable: No.

Checklist

• I've provided a proper description
• I've added the proper documentation
• I've tested my PR on amd64 device (docs/tests only, N/A)
• I've tested my PR on arm64 device (docs/tests only, N/A)
• I've written the test verification instructions
• I've checked the boxes above, or I've provided a good reason why I didn't check them.

[codecov]

Codecov Report

❌ Patch coverage is 26.92308% with 57 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.17%. Comparing base (2281599) to head (9a672c2).
⚠️ Report is 644 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/pillar/cmd/zedagent/handleconfig.go	33.33%	40 Missing and 2 partials ⚠️
pkg/pillar/controllerconn/authen.go	0.00%	15 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5898      +/-   ##
==========================================
- Coverage   19.52%   17.17%   -2.36%     
==========================================
  Files          19      474     +455     
  Lines        3021    85666   +82645     
==========================================
+ Hits          590    14717   +14127     
- Misses       2310    69424   +67114     
- Partials      121     1525    +1404     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.