Merge branch 'vsock-fix-child-netns-mode-initialization-and-restriction'

Stefano Garzarella says:

====================
vsock: fix child netns mode initialization and restriction

This series fixes two issues in the vsock network namespace support
recently introduced by commit eafb64f40ca4 ("vsock: add netns to vsock
core").

Patch 1 fixes `child_ns_mode` being always hardcoded to "global" for new
namespaces, breaking propagation of the "local" mode through nested
namespaces.

Patch 2 prevents a "local" namespace from switching `child_ns_mode` to
"global", which would allow nested namespaces to escape vsock isolation
and access global CIDs.
====================

Link: https://patch.msgid.link/20260212205916.97533-1-sgarzare@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>