fix(rollback): cleanup bind mounts on failure

Add cleanup for bind mounts (/dev, /proc, /sys, /run) created
during post-install phase. Without this, failures in post-install
leave bind mounts active, preventing subsequent cleanup of the
main filesystem mounts.

Clean bind mounts first (innermost to outermost), then regular
mounts, then LUKS mapping to ensure proper teardown order.

Decision: Check each bind mount individually rather than relying
on umount -R to handle everything, for better error reporting and
partial cleanup capability.

Context: Bind mounts are only created if post-install phase is
reached, but rollback must handle cleanup from any failure point.
Stefan Strobl 2025-12-24 15:28:05 +01:00
parent 98aebc5f09
commit 667453596a

@ -58,11 +58,24 @@ rollback_offer() {
rollback_cleanup() {
: "${MOUNT_ROOT:?Mount root is required}"
: "${CRYPT_NAME:?Crypt mapping name is required}"
# Clean up bind mounts first (from postinstall)
if [[ -d "$MOUNT_ROOT" ]]; then
for bind_path in dev proc sys run; do
if findmnt "$MOUNT_ROOT/$bind_path" >/dev/null 2>&1; then
log_info "Unmounting bind mount: $MOUNT_ROOT/$bind_path"
umount -R "$MOUNT_ROOT/$bind_path" 2>/dev/null || log_warn "Failed to unmount $MOUNT_ROOT/$bind_path"
fi
done
fi
# Clean up regular mounts
if findmnt "$MOUNT_ROOT" >/dev/null 2>&1; then
log_info "Unmounting $MOUNT_ROOT"
umount -R "$MOUNT_ROOT" || log_warn "Failed to unmount $MOUNT_ROOT"
fi
# Close LUKS mapping
if [[ -e "/dev/mapper/$CRYPT_NAME" ]]; then
log_info "Closing LUKS mapping $CRYPT_NAME"
cryptsetup close "$CRYPT_NAME" || log_warn "Failed to close LUKS mapping"
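Review bot: The `2>/dev/null` on the `umount -R "$MOUNT_ROOT/$bind_path"` call in the bind-mount loop discards the reason for the failure (for example a busy target), which works against the "better error reporting" goal in the commit message. Capture umount's stderr and include it in the `log_warn` text instead of dropping it. Related point on the same loop and the two blocks after it: every failure is only logged, so a bind mount that stays mounted lets the later `umount -R "$MOUNT_ROOT"` and `cryptsetup close "$CRYPT_NAME"` fail in turn, and the decrypted mapping can remain open after rollback. Consider recording a failure flag in each `||` branch and returning non-zero at the end so the caller can tell that teardown was incomplete. Minor: `findmnt` with a bare path argument matches it as either a source or a mountpoint; `findmnt --mountpoint "$MOUNT_ROOT/$bind_path"` states the intent exactly.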