feat: upgrade to Debian 13 (trixie)

- Update build script to use Debian 13 trixie
- Update APT sources for Debian 13
- Update documentation references to Debian 13
- Update compliance standards to include CMMC Level 3

This upgrade provides:
- Latest security patches
- Improved kernel hardening capabilities
- Enhanced package management
- Better compatibility with modern security standards

References:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

build.sh

@@ -9,7 +9,7 @@ set -e
 # ============================================================================
 
 # Debian version
-DEBIAN_VERSION="bookworm"
+DEBIAN_VERSION="trixie"
 
 # WireGuard endpoint configuration
 WG_ENDPOINT_IP="192.0.2.1"        # REPLACE with your WireGuard server IP
@@ -77,7 +77,7 @@ sudo apt-get install -y debootstrap qemu-utils kpartx squashfs-tools
 # ============================================================================
 
 echo ""
-echo "[2/9] Bootstrapping minimal Debian $DEBIAN_VERSION..."
+echo "[2/9] Bootstrapping minimal Debian $DEBIAN_VERSION (Debian 13 Trixie)..."
 
 sudo debootstrap \
     --arch=amd64 \
@@ -94,8 +94,8 @@ echo ""
 echo "[3/9] Configuring APT sources..."
 
 cat << 'EOF' | sudo tee "$CHROOT_DIR/etc/apt/sources.list"
-deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
 EOF
 
 # ============================================================================