introduce systemd-validatefs@.service that ensures file systems can only be used...

If we have multiple trusted fs (i.e. luks or dm-verity) we generate via
repart at boot, we must make sure they cannot be "misappropriated", i.e.
used for a different mount they were intended for.

Hence, let's introduce "mount constraint" data (encoded in xattrs on the
root inode of the fs) that tells us where a file system has to be
mounted, and what the gpt partition metadata has to be for the fs to be
valid.

Inspired by this thread:
https://lists.freedesktop.org/archives/systemd-devel/2025-March/051244.html