fix(fuzzing): move CRS to /opt/bb-crs so non-root containers can access it

The fuzzing containers run as UID 65534 (nobody) which cannot traverse
/root/ (mode 700). Relocate CRS data to /opt/bb-crs with world-readable
permissions so create_directories() succeeds at runtime.

Author: randyquaye

container-builds/fuzzing-container/src/Dockerfile

@@ -104,9 +104,10 @@ WORKDIR /home/fuzzer/aztec-packages/barretenberg/cpp
 # Copy full cov-build to keep LLVM links and external dependencies for coverage report
 COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/build-fuzzing-cov/ ./build-fuzzing-cov/
 
-# Copy CRS
-COPY --from=builder /root/.bb-crs /root/.bb-crs
-ENV CRS_PATH=/root/.bb-crs
+# Copy CRS to a world-readable location so non-root containers can access it
+COPY --from=builder /root/.bb-crs /opt/bb-crs
+RUN chmod -R 755 /opt/bb-crs
+ENV CRS_PATH=/opt/bb-crs
 
 # Copy flattened target binaries
 COPY --from=builder /targets/ /targets/

container-builds/fuzzing-container/src/Dockerfile.private

@@ -108,9 +108,10 @@ WORKDIR /home/fuzzer/aztec-packages/barretenberg/cpp
 # Copy full cov-build to keep LLVM links and external dependencies for coverage report
 COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/build-fuzzing-cov/ ./build-fuzzing-cov/
 
-# Copy CRS
-COPY --from=builder /root/.bb-crs /root/.bb-crs
-ENV CRS_PATH=/root/.bb-crs
+# Copy CRS to a world-readable location so non-root containers can access it
+COPY --from=builder /root/.bb-crs /opt/bb-crs
+RUN chmod -R 755 /opt/bb-crs
+ENV CRS_PATH=/opt/bb-crs
 
 # Copy flattened target binaries
 COPY --from=builder /targets/ /targets/