fix: accurate sandbox metrics and memory management

Three issues fixed:

1. Memory metrics read host-side VmRSS of the Firecracker process,
   which includes guest page cache and never decreases. Replaced
   readMemRSS(fcPID) with readEnvdMemUsed(client) that queries
   envd's /metrics endpoint for guest-side total - MemAvailable.
   This matches neofetch and reflects actual process memory.

2. Added Firecracker balloon device (deflate_on_oom, 5s stats) and
   envd-side periodic page cache reclaimer (drop_caches when >80%
   used). Reclaimer is gated by snapshot_in_progress flag with
   sync() before freeze to prevent memory corruption during pause.

3. Sampling interval 500ms → 1s, ring buffer capacities adjusted
   to maintain same time windows. Reduces per-host HTTP load from
   240 calls/sec to 120 calls/sec at 120 capsules.

Also: maxDiffGenerations 8 → 1 (merge every re-pause since UFFD
lazy-loads anyway), envd mem_used formula uses total - available.

envd-rs/src/http/snapshot.rs

@@ -14,6 +14,10 @@ use crate::state::AppState;
 /// 2. Close idle connections via conntracker
 /// 3. Set needs_restore flag
 pub async fn post_snapshot_prepare(State(state): State<Arc<AppState>>) -> impl IntoResponse {
+    // Block memory reclaimer before anything else — prevents drop_caches
+    // from running mid-freeze which would corrupt kernel page table state.
+    state.snapshot_in_progress.store(true, Ordering::Release);
+
     if let Some(ref ps) = state.port_subsystem {
         ps.stop();
         tracing::info!("snapshot/prepare: port subsystem stopped");
@@ -22,6 +26,9 @@ pub async fn post_snapshot_prepare(State(state): State<Arc<AppState>>) -> impl I
     state.conn_tracker.prepare_for_snapshot();
     tracing::info!("snapshot/prepare: connections prepared");
 
+    // Sync filesystem buffers so dirty pages are flushed before freeze.
+    unsafe { libc::sync(); }
+
     state.needs_restore.store(true, Ordering::Release);
     tracing::info!("snapshot/prepare: ready for freeze");