fix(fde): resolve default GRUB menuentry when grubenv has no saved_entry

[Wilbert957]

Problem

cryptpilot-fde show-reference-value fails on a freshly built image that has
never been booted:

saved_entry not found in GRUB environment

load_kernel_artifacts (src/cmd/fde/disk.rs) hard-requires saved_entry
from the GRUB environment block:

let saved_entry = grub_vars
    .get("saved_entry")
    .ok_or_else(|| anyhow::anyhow!("saved_entry not found in GRUB environment"))?;

But a never-booted image (a normal state for an image produced by
cryptpilot-convert) has an empty grubenv — saved_entry is only written at
runtime by savedefault. GRUB's selection order is
next_entry > saved_entry > set default, and these images boot the default
entry (set default="0", i.e. the first menuentry). So the reference-value
extractor cannot determine the boot entry and errors out.

Fix

When saved_entry is absent, fall back to GRUB's default entry by resolving the
first menuentry id from grub.cfg (matching set default="0"), instead of
failing. No image mutation is required.

• New module-level helper default_menuentry_id(grub_cfg) extracts the id (the
  quoted token before the entry's opening brace), skipping non-entry lines such
  as menuentry_id_option=....
• load_kernel_artifacts uses the existing saved_entry when present, otherwise
  this fallback.

Testing

cargo check passes. Verified against a GCP/Ubuntu 24.04 image converted with
cryptpilot-convert whose grubenv is empty and whose grub.cfg uses
set default="0".

🤖 Generated with Claude Code

[shankailun-aliyun]

@Wilbert957 ，您好，您的请求已接收，请耐心等待结果。

[shankailun-aliyun]

@Wilbert957 ，您好，未检测到有镜像需要构建，如需重新检测请评论 /start 。

[Wilbert957]

Superseded: re-done against current master (0.8.0) at the correct location cryptpilot-fde/src/disk/grub.rs. The earlier branch was based on a stale 0.2.7 checkout.