rootfs-builder: enable kata-addon-mount@coco.service in systemd targets

Create a symlink to enable kata-addon-mount@coco.service in
kata-containers.target.wants during rootfs construction for
systemd-based (non-AGENT_INIT) guests.

The unit's ConditionPathExists guard ensures it only activates when
the virtio-addon-coco block device is actually present in the VM,
so enabling it unconditionally in the base image is safe.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Assisted-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Fabiano Fidêncio
2026-05-10 19:03:50 +02:00
parent 7f7d55e2ff
commit e146a24ff5

@@ -791,6 +791,11 @@ EOF
ln -sf "/usr/lib/systemd/system/kata-containers.target" "${ROOTFS_DIR}/etc/systemd/system/basic.target.wants/kata-containers.target"
mkdir -p "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants"
ln -sf "/usr/lib/systemd/system/dbus.socket" "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/dbus.socket"
# Enable the addon mount template for known addon names.
# The unit uses ConditionPathExists so it is a no-op when the
# addon device is not attached to the VM.
ln -sf "/usr/lib/systemd/system/kata-addon-mount@.service" \
"${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/kata-addon-mount@coco.service"
chmod g+rx,o+x "${ROOTFS_DIR}"
if [[ "${CONFIDENTIAL_GUEST}" == "yes" ]]; then
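Review bot: The new `ln -sf` for `kata-addon-mount@coco.service` is unconditional and nothing in this hunk checks that `/usr/lib/systemd/system/kata-addon-mount@.service` is actually installed in `${ROOTFS_DIR}`, so a rootfs built without the template ends up with a dangling entry in `kata-containers.target.wants`. Consider testing for `${ROOTFS_DIR}/usr/lib/systemd/system/kata-addon-mount@.service` before linking, or failing the build when it is missing. The safety argument also rests on the unit's `ConditionPathExists` guard, which is not part of this diff, so it is worth confirming in review that the template ships with that guard and that it keys on the instance name `coco`. Finally, the comment says "known addon names" (plural) while only `coco` is hard-coded; either reword the comment or loop over a list of names so that further addons do not each need their own copy of this `ln -sf` line.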