refactor: Complete directory cleanup

Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>

chroot-overlay/etc/audit/rules.d/cis-audit.rules

@@ -1,113 +0,0 @@
-# CIS Benchmark - System Audit Rules
-# Implements CIS Debian Benchmark Section 4.1.2-4.1.17
-
-# Delete all existing rules
--D
-
-# Set buffer size
--b 8192
-
-# Set failure mode
--f 1
-
-# ============================================================================
-# Monitor System Calls (CIS 4.1.10-4.1.17)
-# ============================================================================
-
-# Monitor for use of administration commands (CIS 4.1.10)
--a always,exit -F arch=b64 -S execve -C euid!=uid -F auid>=1000 -F auid!=4294967295 -k admin_cmd
--a always,exit -F arch=b32 -S execve -C euid!=uid -F auid>=1000 -F auid!=4294967295 -k admin_cmd
-
-# Monitor for unauthorized access attempts to files (CIS 4.1.11)
--a always,exit -F arch=b64 -S open,openat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
--a always,exit -F arch=b32 -S open,openat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
-
-# Monitor for use of privileged commands (CIS 4.1.12)
--a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged_cmd
--a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged_cmd
--a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged_cmd
--a always,exit -F path=/usr/sbin/useradd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged_cmd
--a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged_cmd
-
-# Monitor for changes to system network configuration (CIS 4.1.13)
--a always,exit -F arch=b64 -S sethostname,setdomainname -k system-locale
--a always,exit -F arch=b64 -S /etc/issue -k system-locale
--a always,exit -F path=/etc/hosts -F perm=wa -k system-locale
--a always,exit -F path=/etc/network/ -F perm=wa -k system-locale
-
-# Monitor for changes to user/group information (CIS 4.1.14)
--w /etc/group -p wa -k identity
--w /etc/passwd -p wa -k identity
--w /etc/gshadow -p wa -k identity
--w /etc/shadow -p wa -k identity
--w /etc/security/opasswd -p wa -k identity
-
-# Monitor for changes to sudoers files (CIS 4.1.15)
--w /etc/sudoers -p wa -k identity
--w /etc/sudoers.d/ -p wa -k identity
-
-# Monitor for changes to system scheduling (CIS 4.1.16)
--w /etc/crontab -p wa -k cron
--w /etc/cron.hourly/ -p wa -k cron
--w /etc/cron.daily/ -p wa -k cron
--w /etc/cron.weekly/ -p wa -k cron
--w /etc/cron.monthly/ -p wa -k cron
--w /var/spool/cron/ -p wa -k cron
--w /etc/cron.d/ -p wa -k cron
-
-# Monitor for changes to time settings (CIS 4.1.17)
--w /etc/localtime -p wa -k time-change
--w /etc/timezone -p wa -k time-change
-
-# ============================================================================
-# Monitor for File Deletion by User
-# ============================================================================
-
--a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=4294967295 -k delete
--a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=4294967295 -k delete
-
-# ============================================================================
-# Monitor for kernel module loading
-# ============================================================================
-
--a always,exit -F arch=b64 -S init_module -F auid>=1000 -F auid!=4294967295 -k modules
--a always,exit -F arch=b32 -S init_module -F auid>=1000 -F auid!=4294967295 -k modules
-
-# ============================================================================
-# Monitor for changes to login configuration
-# ============================================================================
-
--w /etc/login.defs -p wa -k logins
--w /etc/securetty -p wa -k logins
--w /var/log/faillog -p wa -k logins
--w /var/log/lastlog -p wa -k logins
--w /var/log/tallylog -p wa -k logins
-
-# ============================================================================
-# Monitor for system initialization
-# ============================================================================
-
--w /etc/inittab -p wa -k init
--w /etc/init.d/ -p wa -k init
--w /etc/init/ -p wa -k init
--w /etc/systemd/ -p wa -k init
-
-# ============================================================================
-# Monitor for mandatory access control (MAC) events
-# ============================================================================
-
--w /etc/apparmor/ -p wa -k MAC-policy
--w /etc/apparmor.d/ -p wa -k MAC-policy
-
-# ============================================================================
-# Audit Log Configuration
-# ============================================================================
-
-# Prevent auditd from being killed
--a never,exit -F arch=b64 -S kill -F auid>=1000 -F auid!=4294967295 -k auditd
--a never,exit -F arch=b32 -S kill -F auid>=1000 -F auid!=4294967295 -k auditd
-
-# Monitor for changes to audit configuration
--w /etc/audit/ -p wa -k audit_config
--w /etc/libaudit.conf -p wa -k audit_config
--w /etc/audisp/ -p wa -k audit_config