hcs: tear down containers + reclaim orphaned snapshots so pruning can't wedge The HCS sandbox runs builds with `ctr run --rm` and relies on the run client to delete the container on exit. When a build is cancelled or times out the task is SIGKILLed and the client never completes the `--rm`, so the container is orphaned and keeps its rootfs snapshot pinned. obuilder's snapshot delete then fails, the layer leaks, and over time the leaked layers fill the store below the prune threshold, leaving the worker spinning in a perpetual (useless) prune loop. Manage the container lifecycle explicitly instead: * hcs_sandbox.run: in the finalize (every exit path) issue `ctr task delete --force` + `ctr container rm` so a cancelled or timed-out build's container is actually removed; the build error handler then frees its snapshot. * hcs_store.create: recover crash/reboot leftovers at start-up, in order: remove leftover obuilder-run-* containers (unpinning their snapshots), then for each in-progress result-tmp build remove the specific snapshot named in its layerinfo and drop the entry.