Revert workspace.nspawn to simple configuration

- Remove incorrect nested container settings
- Audit error cannot be solved with nspawn config (kernel issue)
- Keep simple config: Boot=yes, Bind mount, no VirtualEthernet
- Works in production (aios as OS), not in test (nested container)

cfg/setup-user.sh

@@ -37,13 +37,9 @@ cat > $ROOTFS/etc/systemd/nspawn/workspace.nspawn <<'EOF'
 [Exec]
 Boot=yes
 ResolvConf=copy-host
-Capability=all
-SystemCallFilter=@keyring bpf
-PrivateUsers=no
 
 [Files]
 Bind=/home/ai:/root
-SuppressSync=false
 
 [Network]
 VirtualEthernet=no