fix(fuzzing): chmod a+rx /home/fuzzer so UID 65534 can traverse home dir

Platform runs containers as nobody (UID 65534). /home/fuzzer was 750
owned by fuzzer:fuzzer, blocking llvm-cov from reading source files
(coverage) and the binary from statting CRS (fuzz crash loop).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: randyquaye

container-builds/fuzzing-container/src/Dockerfile

@@ -112,7 +112,7 @@ ENV CRS_PATH=/home/fuzzer/aztec-packages/.bb-crs
 # Source files, build artifacts, and CRS must be world-readable so llvm-cov
 # can read them when generating HTML coverage reports.  Without this, llvm-cov
 # emits "Permission denied" for every source file and produces empty reports.
-RUN chmod -R a+rX /home/fuzzer/aztec-packages/
+RUN chmod a+rx /home/fuzzer && chmod -R a+rX /home/fuzzer/aztec-packages/
 
 # Copy flattened target binaries
 COPY --from=builder /targets/ /targets/

container-builds/fuzzing-container/src/Dockerfile.private

@@ -113,6 +113,9 @@ COPY --from=builder /root/.bb-crs /opt/bb-crs
 RUN chmod -R 755 /opt/bb-crs
 ENV CRS_PATH=/opt/bb-crs
 
+# Ensure UID 65534 (nobody) can traverse /home/fuzzer for coverage & fuzz runs
+RUN chmod a+rx /home/fuzzer && chmod -R a+rX /home/fuzzer/aztec-packages/
+
 # Copy flattened target binaries
 COPY --from=builder /targets/ /targets/