authorJames O'Doherty <james@theodohertyfamily.com>2026-05-29 21:07:46 -0400
committerJames O'Doherty <james@theodohertyfamily.com>2026-05-29 21:07:46 -0400
commitd2173cdbc03884ecd9534e9369f8ebe1634f7e9c (patch)
treeeb2dd8e2a47adbb9e6396f16e2cc94be5be074bd /internal/namespace/launcher_src/launcher.c
parentb7745456d67f48f56ba94e47946e40805b6ef1ee (diff)
feat: harden bootstrap and optimize network data path
- Security: Eliminate namespace escape risk by removing `HostBind` and enforcing `FDBind` using pre-opened host socket FDs. - Security: Replace unsafe `atoi` with `strtol` and strict validation in the C launcher to prevent malformed PID joins. - Stability: Fix PID wraparound by storing session timestamps in PID files to detect recycled PIDs. - Stability: Resolve DNS mount leaks by implementing proper unmounting of `/etc/resolv.conf` during tunnel shutdown. - Performance: Optimize `FDBind` throughput by implementing batch packet processing in the receive loop. - Deployment: Implement `memfd_create` for the C launcher to support `noexec` temporary directories and reduce disk I/O. - Maintenance: Replace external `ip` CLI dependency with native `netlink` library for robust network configuration. - Quality: Fix all `golangci-lint` errors and replace remaining panics with explicit error handling.
Diffstat (limited to 'internal/namespace/launcher_src/launcher.c')
-rw-r--r--internal/namespace/launcher_src/launcher.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/internal/namespace/launcher_src/launcher.c b/internal/namespace/launcher_src/launcher.c
index 60c6558..3f1b919 100644
--- a/internal/namespace/launcher_src/launcher.c
+++ b/internal/namespace/launcher_src/launcher.c
@@ -16,7 +16,14 @@ int main(int argc, char **argv) {
// Check if we are joining an existing namespace
char *join_pid_str = getenv("WG_WRAP_JOIN_PID");
if (join_pid_str != NULL && strlen(join_pid_str) > 0) {
- int target_pid = atoi(join_pid_str);
+ char *endptr;
+ long target_pid = strtol(join_pid_str, &endptr, 10);
+
+ if (*endptr != '\0' || target_pid <= 0) {
+ fprintf(stderr, "Invalid WG_WRAP_JOIN_PID: %s\n", join_pid_str);
+ return 1;
+ }
+
if (target_pid > 0) {
char path[128];
int fd;
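Review bot: The new guard after `strtol` does not reject out-of-range input: on overflow `strtol` returns `LONG_MAX` and sets `errno` to `ERANGE`, which still passes `*endptr != '\0' || target_pid <= 0`, and any value above the `int`/`pid_t` range is accepted as well. Set `errno = 0;` before the call and tighten the check to `if (errno == ERANGE || *endptr != '\0' || target_pid <= 0 || target_pid > INT_MAX) {`, adding `<errno.h>` and `<limits.h>` if the file does not already include them. Because `target_pid` changed from `int` to `long`, any `%d` conversion that builds `path` later in `main` (outside this hunk, so not verifiable here) would no longer match its argument; assign the validated value to an `int` or switch to `%ld`. The remaining `if (target_pid > 0)` is now always true after the early return and can be removed.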