* Fix hooks under encrypted partitions
We had a mess of mounting and unmounting things around when we try to
copy things to persistent.
Part of the changes (using the by-label to mount the persistent) are due
to the change in kcrypt. As we set the same label to the encrypted fs
and unencrypted fs, our utils.Mount could get mistaken and return the
first hit, which usually its the encrypted one, and we cannot mount that
one.
This patch brings it up to date.
- Makes bundles and logs hooks work when we have encrypted persistent.
It didnt work before.
- Makes both workflows the same.
- Locks everything once its over, to not leave encrypted parts around
- Mounts OEM so kcrypt can read the config if we are using a remote
server for encryption
- Mounts by label so there is not a change of getting the wrong device
- Uses the mount syscall directly. The util can mistake and return the
actual encrypted part if they both have the same label and finds it
first
---------
Signed-off-by: Itxaka <itxaka@kairos.io>
