
COPY multi-source support, configurable rootfs size, build fixes

- COPY now supports multiple sources: COPY a.txt b.txt /dest/
  Last argument is always destination (matches Dockerfile semantics).
- COPY resolves relative destinations against current WORKDIR.
- WRENN_DEFAULT_ROOTFS_SIZE env var (e.g. 5G, 2Gi, 1000M, 512Mi)
  controls template rootfs expansion. Used both at agent startup
  (EnsureImageSizes) and after FlattenRootfs (shrink then re-expand).
- Pre-build now sets WORKDIR /home/wrenn-user after USER switch.
- Extracted archive files get chmod a+rX for readability.
- Path traversal validation on COPY sources.
2026-04-12 03:39:17 +06:00
parent 46c43b95c2
commit 25b5258841
8 changed files with 110 additions and 29 deletions


@ -31,6 +31,7 @@ const (
var preBuildCmds = []string{
"RUN apt update",
"USER wrenn-user",
"WORKDIR /home/wrenn-user",
}
// postBuildCmds run after the user recipe to clean up caches and reduce image size.
@ -725,11 +726,13 @@ func (s *BuildService) uploadAndExtractArchive(
return fmt.Errorf("write archive: %w", err)
}
// Extract.
// Extract and ensure files are readable.
fullCmd := extractCmd + " && chmod -R a+rX /tmp/build-files"
resp, err := agent.Exec(ctx, connect.NewRequest(&pb.ExecRequest{
SandboxId: sandboxID,
Cmd: "/bin/sh",
Args: []string{"-c", extractCmd},
Args: []string{"-c", fullCmd},
TimeoutSec: 120,
}))
if err != nil {
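Review bot: The appended `chmod -R a+rX /tmp/build-files` in uploadAndExtractArchive makes every extracted file readable by all users in the sandbox, so a key or credential file that was archived with a restrictive mode such as 0600 loses that protection. If the intent is only that the build user set by `USER wrenn-user` can read the files, handing over ownership keeps the archived modes intact, for example `fullCmd := extractCmd + " && chown -R wrenn-user /tmp/build-files"`; this presumes the exec runs with enough privilege to chown, which the hunk does not show. The directory is also a second hard-coded copy of a path that extractCmd presumably targets (it is built outside the hunk), so a shared constant would keep the two from drifting. Whichever form is kept, a comment such as `// widen modes so the non-root build user can read COPY sources` would record why permissions are changed here. The function body continues outside the hunk.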