manifests/ostree-image: convert to LUKS

Wrap the LVM volume group in a LUKS container with the passphrase
`osbuild` (yes, really, super secure). NB: the kernel command line
is changed to include `luks.uuid` which is needed so that dracut
will attempt to open the luks container. This corresponds to an
crypttab entry `luks-uuid UUID`. We cannot use the /etc/crypttab
for ostree based images because the initrd is created at commit
time but they luks volume is created at deployment time, we have
to use the kernel command line instead. See the man page for the
systemd-cryptsetup-generator(8) for more information.

The `cryptsetup` package is included in the build root since it is
needed by the `org.osbuild.luks2.format` stage. All manifests that
are using the `f34-build-v2` build root change as a result.

test/data/manifests/fedora-ostree-image.json

@@ -29,6 +29,7 @@
                 "sha256:8e84885c1a04e6387ce9788ba4dd585bc6d529970404bcf1f59c174f6606a51d": {},
                 "sha256:34441a7147eed87587bf5a6edbb6b495b3504db4b2438580dd353c97466b9534": {},
                 "sha256:809a330873f918264d495039d98b21d329d4c7c6ca9d597642e76049121c427e": {},
+                "sha256:cde2236a40f04af8c9a7352ac6e03f08ee077291627e1e4259a59bbf09368159": {},
                 "sha256:66e2b56a90b134fff1c2d8fa5b32b996a110345f8dcea434cfe4c4d823532472": {},
                 "sha256:05653cf4ebc4a25d6d13258bb49bc66ad735335a8db73eff8f1bfbf628aef19b": {},
                 "sha256:6ddbf894c0a7542ecc5a641bde06659c5a80cd954fcfd2f9e558885e81724d60": {},
@@ -904,7 +905,8 @@
               "console=tty0",
               "console=ttyS0",
               "systemd.log_target=console",
-              "systemd.journald.forward_to_console=1"
+              "systemd.journald.forward_to_console=1",
+              "luks.uuid=aedd1eef-f24e-425e-a9f3-bb5a1c996a95"
             ]
           }
         },
@@ -1035,7 +1037,7 @@
                 "start": 413696,
                 "size": 20557791,
                 "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4",
-                "uuid": "6264D520-3FB9-423F-8AB8-7A0A8E3D3562"
+                "uuid": "CA7D7CCB-63ED-4C53-861C-1742536059CC"
               }
             ]
           }
@@ -1048,7 +1050,8 @@
               "options": {
                 "filename": "disk.img",
                 "start": 4096,
-                "size": 204800
+                "size": 204800,
+                "lock": true
               }
             }
           },
@@ -1065,7 +1068,8 @@
               "options": {
                 "filename": "disk.img",
                 "start": 208896,
-                "size": 204800
+                "size": 204800,
+                "lock": true
               }
             }
           },
@@ -1075,15 +1079,47 @@
           }
         },
         {
-          "type": "org.osbuild.lvm2.create",
+          "type": "org.osbuild.luks2.format",
           "devices": {
             "device": {
+              "type": "org.osbuild.loopback",
+              "options": {
+                "filename": "disk.img",
+                "start": 413696,
+                "size": 20557791,
+                "lock": true
+              }
+            }
+          },
+          "options": {
+            "passphrase": "osbuild",
+            "uuid": "aedd1eef-f24e-425e-a9f3-bb5a1c996a95",
+            "label": "luks",
+            "pbkdf": {
+              "method": "argon2i",
+              "memory": 32,
+              "parallelism": 1,
+              "iterations": 4
+            }
+          }
+        },
+        {
+          "type": "org.osbuild.lvm2.create",
+          "devices": {
+            "luks": {
               "type": "org.osbuild.loopback",
               "options": {
                 "filename": "disk.img",
                 "start": 413696,
                 "size": 20557791
               }
+            },
+            "device": {
+              "type": "org.osbuild.luks2",
+              "parent": "luks",
+              "options": {
+                "passphrase": "osbuild"
+              }
             }
           },
           "options": {
@@ -1098,7 +1134,7 @@
         {
           "type": "org.osbuild.mkfs.xfs",
           "devices": {
-            "lvm": {
+            "luks": {
               "type": "org.osbuild.loopback",
               "options": {
                 "filename": "disk.img",
@@ -1106,6 +1142,13 @@
                 "size": 20557791
               }
             },
+            "lvm": {
+              "type": "org.osbuild.luks2",
+              "parent": "luks",
+              "options": {
+                "passphrase": "osbuild"
+              }
+            },
             "device": {
               "type": "org.osbuild.lvm2.lv",
               "parent": "lvm",
@@ -1155,7 +1198,7 @@
                 "size": 204800
               }
             },
-            "lvm": {
+            "luks": {
               "type": "org.osbuild.loopback",
               "options": {
                 "filename": "disk.img",
@@ -1163,6 +1206,13 @@
                 "size": 20557791
               }
             },
+            "lvm": {
+              "type": "org.osbuild.luks2",
+              "parent": "luks",
+              "options": {
+                "passphrase": "osbuild"
+              }
+            },
             "root": {
               "type": "org.osbuild.lvm2.lv",
               "parent": "lvm",
@@ -1214,13 +1264,19 @@
         {
           "type": "org.osbuild.lvm2.metadata",
           "devices": {
-            "device": {
+            "luks": {
               "type": "org.osbuild.loopback",
               "options": {
                 "filename": "disk.img",
                 "start": 413696,
-                "size": 20557791,
-                "lock": true
+                "size": 20557791
+              }
+            },
+            "device": {
+              "type": "org.osbuild.luks2",
+              "parent": "luks",
+              "options": {
+                "passphrase": "osbuild"
               }
             }
           },