Prune stale firmware cache versions

[JAORMX]

Problem

Each propolis version bump creates a new firmware cache directory at ~/.cache/broodbox/firmware/<version>/<os>-<arch>/ (~tens of MBs per version). Old version directories are never deleted, so the cache grows unbounded over time.

The cache structure looks like:

~/.cache/broodbox/firmware/
├── v0.0.7/
│   └── linux-amd64/
│       ├── firmware.json
│       └── propolis-firmware-linux-amd64/
│           └── libkrunfw.so.5
├── v0.0.8/                          ← current
│   └── linux-amd64/
│       ├── firmware.json
│       └── propolis-firmware-linux-amd64/
│           └── libkrunfw.so.5
└── .firmware.lock

Only the current version is ever used. Previous versions are dead weight.

Proposed Solution

After a successful fresh firmware download in downloadFirmware, scan sibling version directories under the cache root and delete any that don't match the version just downloaded.

Implementation

In internal/infra/vm/firmware.go, after writing the manifest and before returning from the successful download path:

1. List entries in cacheRoot (the firmware cache root, e.g. ~/.cache/broodbox/firmware/)
2. For each subdirectory that looks like a version (skip .firmware.lock and temp files)
3. If the directory name doesn't match the current version, remove it
4. Log a debug message for each pruned version
5. Pruning failures should be logged but not cause the download to fail — firmware is already cached successfully at this point

Scope

• Only prune after a fresh download (not on cache hit — no point scanning when nothing changed)
• Only prune version directories, not the lock file or temp files
• The file lock is already held during download, so no concurrency issues
• Should be safe to also add a task firmware-clean target that removes the entire ~/.cache/broodbox/firmware/ directory, for manual cleanup

Not in scope

• LRU/TTL-based eviction (overkill — only one version is ever active)
• Pruning runtime cache (separate concern)