AR03.5: rootless podman rm undo via cross-runtime delegation

[espadonne]

Summary

• AR03.5 — proves the helper's PodmanVerb → DockerVerb normalisation (From<DockerVerb> in container/event.rs::prepare) round-trips end-to-end. Same capture (podman inspect + podman commit) + same synthesis (synthesize_container_run) + same executor (apply_rm) — only the runtime tool name changes.
• New smoke tests/smoke/podman-rm-undo-linux.sh mirrors AR10.9's docker-rm-undo-linux.sh byte-for-byte in structure: launches busybox with port + env + volume + restart policy, writes a rootfs probe via podman exec, podman rm -f, shit undo, asserts the restored container has the same effective config AND the in-place rootfs writes.
• New CI job installs podman from apt on ubuntu-24.04 hosted runners (they don't ship it) and runs rootless.
• No code changes — AR10.9 already did all the heavy lifting; this PR is the proof that the cross-runtime bet from C04.3 pays off.

Scope

• Implements: rootless podman rm round-trip (the AR03.5 spec target).
• Out of scope: podman volume rm / rmi / network rm smokes — the docker counterparts already validate the per-verb wire shapes; podman delegation works because the classifier normalises. Adding per-verb podman smokes is mechanical busywork; would inflate the AR matrix without surfacing new bugs.
• Out of scope: rootful podman. The spec calls out rootless explicitly; rootful is identical from our perspective.

Test plan

• Smoke runs locally (against a rootless podman install) — see structure parallels docker-rm-undo
• `dr-smoke / podman-rm-undo` job green (validates apt podman install + rootless slirp4netns port binding + cross-runtime delegation)
• No regressions on docker-rm-undo (AR10.9), docker-rmi-undo (AR03.2), docker-volume-rm-undo (AR03.3), docker-network-rm-undo (AR03.4)
• `linux-kernel-capture` matrix stays green