Critical safety and compatibility fixes based on ChatGPT feedback

SAFETY FIXES:
- Add prominent safety warnings for destructive operations
- Add BOOTC_I_KNOW_THIS_WIPES_MY_DISK environment variable checks
- Add safety warnings to manual installation scripts

BUILD FIXES:
- Fix Containerfile systemd calls to use symlinks instead of systemctl
- Replace brittle image validation with podman image mount
- Add fallback for rootless/mount issues

COMPATIBILITY FIXES:
- Align Debian version references (12 Bookworm vs 14 Forky)
- Add comprehensive COMPATIBILITY.md with version matrix
- Add kernel requirements for composefs (5.15+ basic, 6.5+ recommended)
- Document experimental flags and version requirements

TECHNICAL IMPROVEMENTS:
- Use DEBIAN_FRONTEND=noninteractive in build scripts
- Improve image inspection robustness
- Add explicit version testing matrix
- Document known issues and workarounds

This addresses the most critical issues identified in the ChatGPT review:
1. Safety warnings for destructive operations
2. Build-time systemd handling fixes
3. Robust image validation methods
4. Version compatibility documentation

composefs.md

@@ -13,6 +13,19 @@ Composefs is a Linux kernel filesystem that mounts read-only EROFS images direct
 - **Built-in Security**: fsverity integration for integrity verification
 - **Storage Efficiency**: EROFS compression and deduplication
 
+## Kernel and Userspace Requirements
+
+### Minimum Kernel Requirements
+- **Basic EROFS support**: Kernel 5.15+
+- **Composefs features**: Kernel 6.5+ (recommended)
+- **Advanced overlay/verity**: Kernel 6.6+ for certain integrity modes
+
+### Userspace Requirements
+- **composefs tools**: Userspace composefs utilities
+- **EROFS support**: Enhanced Read-Only File System support
+- **fsverity**: File system verification support
+- **FUSE3**: For fallback mounting (if kernel support unavailable)
+
 ## Why Composefs is Needed
 
 ### Main Branch (OSTree) Problems