fix(storage): use /host-dev for block device access inside container

Docker always creates a fresh tmpfs at /dev, silently dropping any
/dev:/dev bind mount. Block devices must be accessed via /host-dev
where the host /dev is actually mounted.

Changes:
- docker-compose.yml: /dev:/dev → /dev:/host-dev:rw
- safety.go: add HostDevPath constant + HostDevicePath() helper
- format_linux.go: all device ops (stat, sfdisk, partprobe, mkfs.ext4,
  blkid) use HostDevicePath() to resolve /dev/sdb → /host-dev/sdb
- safety_linux.go: IsSystemDisk() stats device via /host-dev
- scan_linux.go: enrichWithBlkid() probes each partition individually
  via /host-dev/sdXN instead of batch blkid -o export (which can't
  find devices when /dev is Docker's minimal tmpfs)

Fixes "stat /dev/sdb: no such file or directory" in FormatAndMount.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

controller/internal/storage/safety.go

@@ -3,6 +3,7 @@ package storage
 import (
 	"fmt"
 	"regexp"
+	"strings"
 )
 
 // mountNameRe validates mount names: only alphanumeric + underscore.
@@ -12,6 +13,21 @@ var mountNameRe = regexp.MustCompile(`^[a-zA-Z0-9_]+$`)
 // The compose file mounts /etc/fstab → /host-fstab.
 const FstabPath = "/host-fstab"
 
+// HostDevPath is where the host's /dev is mounted inside the container.
+// Docker always creates its own tmpfs at /dev (overriding any bind mount),
+// so the host's block devices are mounted at a different path instead.
+const HostDevPath = "/host-dev"
+
+// HostDevicePath converts a standard /dev/ device path to the container-accessible path.
+// "/dev/sdb" → "/host-dev/sdb", "/dev/sdb1" → "/host-dev/sdb1"
+// Paths that don't start with /dev/ are returned unchanged.
+func HostDevicePath(devPath string) string {
+	if strings.HasPrefix(devPath, "/dev/") {
+		return HostDevPath + "/" + strings.TrimPrefix(devPath, "/dev/")
+	}
+	return devPath
+}
+
 // ValidateMountName returns an error if the mount name is invalid.
 func ValidateMountName(name string) error {
 	if name == "" {