feat(orb-health): add orbd daemon, filesizes health#1242

Open: pophilpo wants to merge 9 commits into main from pophilpo/orb-health-sizes

@pophilpo pophilpo commented Jun 1, 2026

Log filesizes in persistent

Traverse /usr/persistent and log every file size in bytes.
The orbd service is able to traverse the NetworkManager and tee folders (root protected) through these capabilities:

CapabilityBoundingSet=CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_DAC_READ_SEARCH

This only allows listing files and metadata, not reading them

Sample output

/usr/persistent/.seekthermal/cal/E49257A61E0D/ThermAdjust_FF.bin: 2949120 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/config.json: 86841 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/.seekthermal/cache/E49257A61E0D/fsc0.bin: 64684 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/23: 24576 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/dirf.db: 24576 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/0: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/7: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/8: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/9: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/a: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/b: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/c: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/d: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/e: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/f: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/10: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/11: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/12: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/13: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/14: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/15: 16384 bytes
Jun 16 12:09:24 localhost.localdomain worldcoin-orbd[6419]: /usr/persistent/tee/16: 16384 bytes

Open to different formatting options, in case we want to build any meaningful metrics in DD

@pophilpo pophilpo marked this pull request as ready for review June 16, 2026 12:19
@pophilpo pophilpo requested a review from a team as a code owner June 16, 2026 12:19
@pophilpo pophilpo requested a review from vmenge June 16, 2026 12:21
@github-actions

Found one concrete issue:

  • orbd/debian/worldcoin-orbd.service:16-21: CAP_DAC_READ_SEARCH is broader than the comment/PR body claims. Linux defines it as bypassing discretionary file read permission checks as well as directory read/search checks, so orbd can read root-owned files, not just stat them. Because this is an ambient capability on a long-running “monolith” daemon, future code or any compromise of orbd inherits that read access. Please either avoid the capability via permissions/ACLs, move this into a tightly scoped helper, or drop the capability immediately after the startup traversal before the daemon stays resident.
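
Added example, not code from this pull request: a std-only Rust check that decodes the capability masks in /proc/<pid>/status and reports which sets still hold CAP_DAC_READ_SEARCH, so a "drop the capability after the startup traversal" change can be verified on the resident daemon. The two status excerpts are constructed, and `sets_holding` and `usable_now` are hypothetical helper names.

```rust
// Added example: which capability sets of a process still hold CAP_DAC_READ_SEARCH?
use std::fs;

const CAP_DAC_READ_SEARCH: u32 = 2; // bit number from <linux/capability.h>
const SETS: [&str; 5] = ["CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"];

// Constructed /proc/<pid>/status excerpts (assumed, not captured from a device):
// a service started with the unit's two capability lines, and the same process
// after clearing the bit from every set except the bounding set.
const SAMPLE_RESIDENT: &str = "Name:\torbd\nCapInh:\t0000000000000004\nCapPrm:\t0000000000000004\nCapEff:\t0000000000000004\nCapBnd:\t0000000000000004\nCapAmb:\t0000000000000004\n";
const SAMPLE_DROPPED: &str = "Name:\torbd\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000004\nCapAmb:\t0000000000000000\n";

/// Names of the capability sets in a /proc/<pid>/status text that contain `cap`.
/// Fails closed: a missing or unparsable mask is an error, never "not held".
fn sets_holding(status: &str, cap: u32) -> Result<Vec<&'static str>, String> {
    let mut held = Vec::new();
    for name in SETS {
        let hex = status
            .lines()
            .find_map(|l| l.strip_prefix(name)?.strip_prefix(':'))
            .ok_or_else(|| format!("{} line missing", name))?
            .trim();
        let mask = u64::from_str_radix(hex, 16)
            .map_err(|e| format!("{}: bad mask {:?}: {}", name, hex, e))?;
        if mask & (1u64 << cap) != 0 {
            held.push(name);
        }
    }
    Ok(held)
}

/// True when the process can use the capability right now: it is effective,
/// or still permitted and so can be raised again with capset(2).
fn usable_now(held: &[&str]) -> bool {
    held.contains(&"CapEff") || held.contains(&"CapPrm")
}

fn main() {
    for (label, text) in [("resident", SAMPLE_RESIDENT), ("dropped", SAMPLE_DROPPED)] {
        let held = sets_holding(text, CAP_DAC_READ_SEARCH).expect("constructed sample parses");
        println!("{}: held in {:?}, usable now: {}", label, held, usable_now(&held));
    }
    // On a Linux host, audit this process itself.
    if let Ok(text) = fs::read_to_string("/proc/self/status") {
        println!("self: {:?}", sets_holding(&text, CAP_DAC_READ_SEARCH));
    }
}
```

A bit left only in CapBnd is not usable by the running process; the bounding set limits what a later execve(2) can gain.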
