Mitigate BPF security issues on our infrastructure

https://www.decadent.org.uk/ben/blog/bpf-security-issues-in-debian.html

Seems important (at least LPE and probably remotely exploitable given Ben blogged about it; public exploit is in the wild) and super cheap to implement now (and waiting won’t make it any cheaper).

Feature Branch: puppet-tails

Related issues

Related to #15095 (closed)
Blocks #13242

Original created by @intrigeri on 15094 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information