0d29a9ae62
Add literate programming phase 1 documentation for: - partitioning.sh: UEFI layout with ESP and encrypted root - encryption.sh: LUKS encryption strategy and key handling - filesystems.sh: filesystem choices and swap configuration - mounts.sh: mount tree preparation for installer handoff Decision: Swap file instead of swap partition for automatic encryption and flexibility. Swap partition would require either a second LUKS container (two passphrases at boot), unencrypted swap (security risk), or LVM (out of scope). Decision: /boot inside encrypted root for simplicity. GRUB unlocks LUKS once, kernel and initramfs are protected. ESP remains unencrypted per UEFI requirements. Decision: Default to btrfs with explicit ext4 opt-in. Btrfs provides snapshots and flexibility. Swap file on btrfs requires No-COW subvolume to avoid corruption. Trade-off: LUKS2 vs LUKS1. LUKS2 provides better security features and tooling, but GRUB <2.06 may have incomplete support. Users informed of potential boot issues with clear recovery path rather than silent downgrade.