chore: Remove attached LUKS header from Store partition

[frankdavid]

The Store partition is now formatted with a detached LUKS header only. A legacy attached header still present on a device (which was the previous approach) is wiped on the next open, so only the detached header remains going forward.

In addition, guest_disk now uses a shared metrics Registry and writes all metrics once. The PR adds the guest_disk_store_attached_luks2_header_status gauge to track the header migration state.

[zeropath-ai]

✅ No security or compliance issues detected. Reviewed everything up to eb8df54.

Security Overview

• 🔎 Scanned files: 11 changed file(s)
• 🔗 Scan Link: https://zeropath.com/app/repositories/6992424c-495e-4621-b441-efd6821a4be6?scanId=2b10003f-4451-42f4-93ed-c5cd9e1b22d8&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Refactor	► rs/ic_os/guest_upgrade/client/src/lib.rs     Remove fallback for LUKS header in client ► rs/ic_os/guest_upgrade/server/src/lib.rs     Remove unused send_luks_header field ► rs/ic_os/guest_upgrade/server/src/orchestrator.rs     Remove unused send_luks_header argument ► rs/ic_os/guest_upgrade/server/src/service.rs     Remove unused send_luks_header field ► rs/ic_os/guest_upgrade/tests/src/lib.rs     Remove unused test configuration fields ► rs/ic_os/os_tools/guest_disk/src/crypt.rs     Add function to wipe attached LUKS header     Add function to check for attached LUKS header     Change metrics file parameter to registry ► rs/ic_os/os_tools/guest_disk/src/generated_key.rs     Change metrics file parameter to registry ► rs/ic_os/os_tools/guest_disk/src/main.rs     Use Registry for metrics instead of file path ► rs/ic_os/os_tools/guest_disk/src/metrics.rs     Refactor metrics export to use registry     Add metric for attached LUKS2 header status ► rs/ic_os/os_tools/guest_disk/src/sev.rs     Wipe attached LUKS header on store partition open     Export attached LUKS2 header status metric     Change metrics file parameter to registry ► rs/ic_os/os_tools/guest_disk/src/tests.rs     Update tests to use registry for metrics     Add test for wiping attached LUKS header     Add tests for attached LUKS2 header status metric
Enhancement	► rs/ic_os/os_tools/guest_disk/src/crypt.rs     Allow setting permissions on detached LUKS header file

[blind-oracle]

Maybe uppercase Store or quote it, otherwise looks like a typo

[blind-oracle]

Should we actively check that the existing header is valid? Or this is already done before somewhere?

[blind-oracle]

Hmm is this error even actionable? How can a user remove it?