feat(volsnap): volume snapshot restore (backlog #6)

Restore a captured volume snapshot onto an image workload's live host-bind
data volumes, then redeploy — the most destructive workload action, built to
the adversarially-reviewed design (C1–C6) with all data-loss guards.

- Engine.Restore (engine-owned): all-or-nothing pre-flight re-resolution from
  the workload's CURRENT config (never the tamperable manifest), per-filesystem
  disk pre-check, per-workload lock, container quiesce, extract-to-tmp, durable
  pre-restore snapshot, write-ahead journal, atomic rename swap, redeploy, and
  crash-recovery sweep (RecoverInterruptedRestores) wired before serving.
- internal/keyedmutex: shared per-key lock; deployer now serializes every
  deploy entrypoint per workload via DispatchPlugin (+ LockWorkload/RedeployLocked
  for the restore re-dispatch, no deadlock).
- Untrusted-archive extractor: zip-slip containment, type allow-list (reg/dir
  only), decompression-bomb cap, manifest-index bounds.
- POST /api/workloads/{id}/snapshots/{sid}/restore: admin, X-Confirm-Restore
  header (CSRF), per-workload single-flight (409).
- WebUI: Restore button + danger ConfirmDialog + busy state + i18n (en/ru).

Scope: image-source only; scopes absolute/stage/project (driven off the same
supportedScopes constant capture uses).

Plan-reviewed before coding; per-phase go/security/ts reviews; final review
READY TO MERGE. Security review caught + fixed a CRITICAL manifest-Source path
traversal (re-derive target from current config + base containment).

Plan: plans/volume-snapshot-restore/

internal/volsnap/volumes.go

@@ -80,27 +80,10 @@ func SnapshotableVolumes(st *store.Store, w store.Workload, settings store.Setti
 		return nil, nil, nil
 	}
 
-	byTarget := map[string]store.WorkloadVolume{}
-
-	var cfg scVolumes
-	if w.SourceConfig != "" {
-		// Best-effort: a malformed config simply yields no inline volumes; the
-		// persisted rows below still apply.
-		_ = json.Unmarshal([]byte(w.SourceConfig), &cfg)
-	}
-	for _, v := range cfg.Volumes {
-		if v.Target == "" {
-			continue
-		}
-		byTarget[v.Target] = store.WorkloadVolume{Source: v.Source, Target: v.Target, Scope: v.Scope, Name: v.Name}
-	}
-	persisted, perr := st.ListWorkloadVolumes(w.ID)
+	byTarget, perr := volumesByTarget(st, w)
 	if perr != nil {
 		return nil, nil, perr
 	}
-	for _, p := range persisted {
-		byTarget[p.Target] = store.WorkloadVolume{Source: p.Source, Target: p.Target, Scope: p.Scope, Name: p.Name}
-	}
 
 	params := volume.ResolveWorkloadParams{
 		BasePath:           settings.BaseVolumePath,
@@ -132,6 +115,37 @@ func SnapshotableVolumes(st *store.Store, w store.Workload, settings store.Setti
 	return refs, skipped, nil
 }
 
+// volumesByTarget merges a workload's source_config inline volumes with its
+// persisted workload_volumes rows (persisted wins on a target conflict), keyed
+// by container target path. It is the authoritative current volume set, shared
+// by capture enumeration (SnapshotableVolumes) and restore pre-flight so both
+// resolve host paths the same way — restore must never trust a snapshot's
+// persisted manifest to name a host directory.
+func volumesByTarget(st *store.Store, w store.Workload) (map[string]store.WorkloadVolume, error) {
+	byTarget := map[string]store.WorkloadVolume{}
+
+	var cfg scVolumes
+	if w.SourceConfig != "" {
+		// Best-effort: a malformed config simply yields no inline volumes; the
+		// persisted rows below still apply.
+		_ = json.Unmarshal([]byte(w.SourceConfig), &cfg)
+	}
+	for _, v := range cfg.Volumes {
+		if v.Target == "" {
+			continue
+		}
+		byTarget[v.Target] = store.WorkloadVolume{Source: v.Source, Target: v.Target, Scope: v.Scope, Name: v.Name}
+	}
+	persisted, err := st.ListWorkloadVolumes(w.ID)
+	if err != nil {
+		return nil, err
+	}
+	for _, p := range persisted {
+		byTarget[p.Target] = store.WorkloadVolume{Source: p.Source, Target: p.Target, Scope: p.Scope, Name: p.Name}
+	}
+	return byTarget, nil
+}
+
 func skipReason(scope string) string {
 	switch scope {
 	case string(store.VolumeScopeInstance):