Validate rendered cloud-init templates against official schema

[ret2libc]

Summary

• Add jsonschema as a dev dependency
• Add two new tests that render the default Jinja2 cloud-init template (with/without Tailscale) and validate the output against the official cloud-init JSON schema
• Schema is fetched at test time via a module-scoped fixture; tests skip gracefully if the network is unavailable

Test plan

• uv run pytest tests/test_cloudinit.py -v — all 6 tests pass
• uv run pytest -v — full suite (291 tests) passes with coverage above threshold
• prek run — all pre-commit hooks pass
• Verify tests skip correctly when offline (disconnect network, run tests)

🤖 Generated with Claude Code

[ret2libc]

JFYI:

Context

PR #63 (feat/cloudinit-schema-validation) adds tests that validate rendered cloud-init templates against the official cloud-init JSON schema. Currently, the schema is fetched from GitHub main branch at test time. Three reviewers raised concerns:

1. BradSwain: Fetching from main means we validate against the latest schema, but older distros may not support newer keys. Should pin to the lowest cloud-init version among supported DO distros. Commit schema to repo to avoid network dependency.
2. DarkaMaul: Agrees — schema should be in the repo, with a GH Action to update periodically. Prefers running tests offline.
3. ret2libc: Minor formatting fix (already applied in f49a471).

Research findings

Lowest cloud-init version on current DigitalOcean images:

Distro	DO Slug	cloud-init version
Debian 12	debian-12-x64	22.4.2 (lowest)
Rocky/Alma/CentOS 8-9	various	23.4
Ubuntu 22.04	ubuntu-22-04-x64	24.x+ (updated via apt)
Ubuntu 24.04	ubuntu-24-04-x64	24.1+
Fedora 42+	fedora-42-x64	24.2+

Minimum: 22.4.2 (Debian 12 bookworm, which freezes packages).

The schema at tag 22.4.2 uses JSON Schema Draft 4 ($schema: http://json-schema.org/draft-04/schema#), same as current main. The file is ~130KB.