fix: move preseed.cfg to includes.installer for live-build

The preseed file needs to be in config/includes.installer/ for live-build
to embed it into the Debian installer. Previously it was in config/ which
doesn't get picked up by lb build.

- Moved config/preseed.cfg -> config/includes.installer/preseed.cfg
- Updated all test files to reference new path

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

config/includes.installer/preseed.cfg

@@ -0,0 +1,142 @@
+# Localization - suppress all locale questions
+d-i debian-installer/locale string en_US.UTF-8
+d-i debian-installer/supported_locales multiselect en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i console-setup/layoutcode string us
+d-i console-setup/variantcode string
+
+# Keyboard
+d-i keyboard-configuration/xkb-keymap select us
+d-i keyboard-configuration/toggle select No toggling
+
+# Set debconf priority to critical to suppress non-essential questions
+d-i debconf/priority select critical
+
+# Network configuration
+d-i netcfg/choose_interface select auto
+d-i netcfg/disable_autoconfig boolean false
+d-i netcfg/get_hostname string knel-football
+d-i netcfg/get_domain string knel.net
+d-i netcfg/hostname string knel-football
+
+# Mirror configuration
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# Clock and time zone setup
+d-i time/zone string US/Chicago
+d-i clock-setup/utc boolean true
+d-i clock-setup/ntp boolean true
+
+# User setup
+# SECURITY: Passwords are prompted during installation, not hardcoded
+# This ensures each installation has unique credentials
+d-i passwd/user-fullname string football user
+d-i passwd/username string football
+# Force password prompt during installation
+d-i passwd/user-password-crypted string !
+d-i passwd/root-password-crypted string !
+d-i passwd/root-login boolean true
+
+# Password quality enforcement (MANDATORY for tier0 security)
+d-i passwd/make-user boolean true
+d-i passwd/user-default-groups string audio,video,plugdev,input,cdrom,floppy
+
+# PAM password quality configuration (enforced in installed system)
+# This will be configured in post-installation hooks
+
+# Partitioning (LUKS full disk encryption - MANDATORY)
+d-i partman-auto/disk string /dev/sda
+d-i partman-auto/method string crypto
+d-i partman-auto-lvm/device_remove_lvs boolean true
+d-i partman-auto-lvm/device_remove_lvs_span boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string knel_vg
+d-i partman-auto/expert_recipe string                         \
+      boot-root ::                                            \
+              256 512 256 ext4                                \
+                      $primary{ } $bootable{ }                \
+                      method{ format } format{ }              \
+                      use_filesystem{ } filesystem{ ext4 }    \
+                      mountpoint{ /boot }                      \
+              .                                               \
+              1024 10000 1000000000 ext4                      \
+                      $lvmok{ }                                \
+                      method{ format } format{ }              \
+                      use_filesystem{ } filesystem{ ext4 }    \
+                      mountpoint{ / }                         \
+              .                                               \
+              512 200% 2048 linux-swap                        \
+                      $lvmok{ }                                \
+                      method{ swap } format{ }                \
+              .
+
+# LUKS encryption configuration (AES-XTS, 256-bit key)
+# NOTE: Passphrase will be prompted during installation
+# REQUIREMENTS: 14+ characters, mix of upper/lower/digits/special
+# This passphrase unlocks the encrypted disk at boot time
+d-i partman-crypto/erase_disks boolean true
+d-i partman-crypto/erase_disks_secure boolean true
+
+# LUKS cipher selection
+d-i partman-crypto/cipher aes-xts-plain64
+d-i partman-crypto/keysize 512
+d-i partman-crypto/lvm boolean true
+
+# LUKS2 format (modern, more secure)
+d-i partman-crypto/use-luks2 boolean true
+
+# Confirm partitioning
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# Package selection
+tasksel tasksel/first multiselect standard
+d-i pkgsel/include string \
+    icewm \
+    lightdm \
+    remmina \
+    wireguard \
+    wireguard-tools \
+    mousepad \
+    zbar-tools \
+    nftables \
+    openssh-client \
+    cryptsetup \
+    cryptsetup-initramfs \
+    busybox \
+    dmsetup \
+    libpam-pwquality
+
+# Boot loader configuration
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+d-i grub-installer/bootdev string default
+d-i grub-installer/force-efi-extra-removable boolean true
+
+# Popularity contest - do not participate
+popularity-contest popularity-contest/participate boolean false
+
+# Security configuration
+d-i security/updates select none
+d-i passwd/shadow boolean true
+
+# Finish
+d-i finish-install/reboot_in_progress note
+d-i cdrom-detect/eject boolean false
+
+# Skip additional prompts
+d-i apt-setup/contrib boolean false
+d-i apt-setup/non-free boolean false
+d-i apt-setup/backports boolean false
+d-i apt-setup/services-select multiselect
+
+# Don't ask about kernel flavors
+d-i base-installer/kernel/image select linux-image-amd64
+
+# Don't ask about hostname confirmation
+d-i netcfg/confirm_static boolean true