fix(kube): persist k3s node password across reboots

[naiming-zededa]

Description

The k3s node password lives on a tmpfs overlay and is regenerated on
every reboot, causing NodePasswordValidationFailed errors against the
server-side etcd secret and potentially leaving the node stuck
NotReady.

Persist the password to /var/lib/k3s-node-password (inside the
TPM-sealed vault) so it survives reboots. Restore it before k3s
starts; save it inside check_start_k3s immediately after k3s launches,
covering both first-init and restart paths.

Added the bronw field case, it finds if there is no k3s-node-password
in the persist /var/lib, it will flag it, and delete the secret of the
node-password for itself

PR dependencies

How to test and validate this PR

With this patch in eve-k, at the single-node mode, convert it to part of the cluster.
Then restart the device after it is part of the cluster, do kubectl describe node,
we should not see the events having: NodePasswordValidationFailed

and test for brown field for existing eve-k cluster.
After the first image upgrade w/ this patch, the node-password will be removed from
the cluster. it takes a second reboot or k3s restart to take effect.

Changelog notes

fix(kube): persist k3s node password across reboots

PR Backports

Checklist

• I've provided a proper description
• I've added the proper documentation
• I've tested my PR on amd64 device
• I've tested my PR on arm64 device
• I've written the test verification instructions
• I've set the proper labels to this PR

For backport PRs (remove it if it's not a backport):

• I've added a reference link to the original PR
• PR's title follows the template

And the last but not least:

• I've checked the boxes above, or I've provided a good reason why I didn't
  check them.

Please, check the boxes above after submitting the PR in interactive mode.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.05%. Comparing base (2caf795) to head (ca89af2).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5970      +/-   ##
==========================================
+ Coverage   20.64%   21.05%   +0.41%     
==========================================
  Files         489      499      +10     
  Lines       90431    92129    +1698     
==========================================
+ Hits        18667    19399     +732     
- Misses      70187    70972     +785     
- Partials     1577     1758     +181     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[zedi-pramodh]

You need to update these comments since I believe you fixed the brown field installs too.

[naiming-zededa]

Sure. Updated.

[zedi-pramodh]

LGTM, Just address the comments.

[rene]

@claude

[eriknordmark]

Run tests