The container runtime seam (Principle #3, deep module).
veloslet drives micro-VMs only through the [ContainerRuntime] trait, so the
Apple Containerization container CLI can be swapped for Tart, Linux, or a
fake without touching the worker's reconcile logic. Every instance is keyed by
its Velos container uid, which makes actuation idempotent: reconcile after a
crash matches existing instances by uid before launching.
Backends today: [AppleContainer] (real) and [FakeRuntime] (tests). A Linux
backend (e.g. via podman/runc or a libkrun micro-VM) is the planned next
addition behind this same trait — tracked separately, not in this change.