fix: register qemu binfmt_misc with CF flags to preserve suid #45

Open
meteyou wants to merge 3 commits into OctoPrint:main from meteyou:fix/qemu-cf-flags

meteyou commented May 2, 2026

When cross-building an arm image on a non-arm host (e.g. x86 ubuntu-latest GitHub Actions runners), suid binaries executed inside the chroot silently dropped their privileges. Most notably sudo would fail with permission errors, breaking any chroot script that relied on it.

Register the qemu binfmt entry directly via /proc/sys/fs/binfmt_misc/register with the CF flags:

| Flag | Effect |
| --- | --- |
| C | Kernel derives credentials from the binary, not from the qemu interpreter — restores suid (sudo etc.). |
| F | "fix-binary": kernel opens the interpreter at register time and pins the file descriptor; it survives chroot. |

Positive side effects:

Because the F flag pins the interpreter fd across chroot boundaries, we no longer need to:

  • copy qemu-*-static into the target rootfs, or
  • pass the interpreter path explicitly to chroot

The $QEMU variable is therefore always empty and has been removed from chroot invocations in src/customize and src/enter_image.

I also tested a full build with MainsailOS here: https://github.com/mainsail-crew/MainsailOS/actions/runs/25255479547?pr=363
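
The registration described in the comment above, sketched as an added example that is not code from this pull request: it builds the rule string written to /proc/sys/fs/binfmt_misc/register and audits an entry's status text for the C and F flags. The entry name `qemu-arm`, the interpreter path `/usr/bin/qemu-arm-static` and all function names are assumptions; the magic and mask are the ARM values from QEMU's `qemu-binfmt-conf.sh`.

```shell
#!/bin/sh
# Added example: build and audit a qemu-arm binfmt_misc entry with the CF flags.
# ENTRY and INTERP are assumed values, not taken from the pull request.
BINFMT_DIR=/proc/sys/fs/binfmt_misc
ENTRY=qemu-arm
INTERP=/usr/bin/qemu-arm-static
# ELF32 little-endian ARM header magic and mask, as in qemu-binfmt-conf.sh.
ARM_MAGIC='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'
ARM_MASK='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'

# Rule format: :name:type:offset:magic:mask:interpreter:flags (M = match by magic).
binfmt_rule() {  # binfmt_rule NAME MAGIC MASK INTERPRETER FLAGS
    printf ':%s:M::%s:%s:%s:%s' "$1" "$2" "$3" "$4" "$5"
}

# Print the flag letters from an entry's status text (the "flags: OCF" line).
binfmt_flags() {  # binfmt_flags STATUS_FILE
    sed -n 's/^flags:[[:space:]]*//p' "$1"
}

# Succeed only if the entry is enabled and carries every required flag letter.
binfmt_has_flags() {  # binfmt_has_flags STATUS_FILE REQUIRED_LETTERS
    [ "$(sed -n 1p "$1")" = enabled ] || return 1
    flags=$(binfmt_flags "$1")
    for f in $(printf '%s' "$2" | sed 's/./& /g'); do
        case $flags in *"$f"*) ;; *) return 1 ;; esac
    done
}

# Replace any existing entry and register with CF. Needs root; never run on load.
register_qemu_arm() {
    if [ -e "$BINFMT_DIR/$ENTRY" ]; then
        printf '%s' -1 > "$BINFMT_DIR/$ENTRY"   # writing -1 removes the entry
    fi
    binfmt_rule "$ENTRY" "$ARM_MAGIC" "$ARM_MASK" "$INTERP" CF > "$BINFMT_DIR/register"
    binfmt_has_flags "$BINFMT_DIR/$ENTRY" CF    # verify what the kernel recorded
}

# Constructed sample: status text of an entry registered without C and F.
sample_status_without_cf() {
    printf 'enabled\ninterpreter %s\nflags: \noffset 0\n' "$INTERP"
    printf 'magic 7f454c4601010100000000000000000002002800\n'
    printf 'mask ffffffffffffff00fffffffffffffffffeffffff\n'
}
```

With `C` set, the interpreter runs with root permissions whenever a root-owned setuid binary of the foreign architecture is executed, which is why the kernel documentation says to use the flag with care. Because `F` opens the interpreter at registration time, an updated qemu binary only takes effect after the entry is registered again.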

meteyou added 2 commits May 2, 2026 18:36
Signed-off-by: Stefan Dej <meteyou@gmail.com>
…rchitectures

Signed-off-by: Stefan Dej <meteyou@gmail.com>
…ng for Debian bookworm and trixie

Signed-off-by: Stefan Dej <meteyou@gmail.com>
meteyou commented May 2, 2026

I tested all PRs together and found out that Trixie changed some stuff from qemu. I fixed all Trixie bugs and committed it. Here is the test run: meteyou/CustoPiZer-dev/actions/runs/25258220249
