fix: pause VM before MMDS injection, resume after to ensure config is applied

- Load snapshot with ResumeVM: false so MMDS data can be written while VM is paused
- Call ResumeVM explicitly after configureMmds succeeds
- Skip PUT /mmds/config on restored VMs (Firecracker rejects it with 400)
- Strip JSON quotes from MMDS values with tr -d '"' in net-init script
- Add 169.254.169.2/32 link-local addr and flush eth0 before applying new IP

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

orchestrator/orchestrator.go

@@ -121,11 +121,13 @@ func (o *Orchestrator) buildRootfs() error {
 	netInitScript := `#!/bin/sh
 # Poll Firecracker MMDS for network config, apply it, then exit.
 # Runs in background; loops until MMDS responds (survives snapshot resume).
+ip addr add 169.254.169.2/32 dev eth0 2>/dev/null
 while true; do
-  ip=$(wget -q -T1 -O- http://169.254.169.254/ip 2>/dev/null)
+  ip=$(wget -q -T1 -O- http://169.254.169.254/ip 2>/dev/null | tr -d '"')
   [ -n "$ip" ] || { sleep 1; continue; }
-  gw=$(wget -q -T1 -O- http://169.254.169.254/gw 2>/dev/null)
-  dns=$(wget -q -T1 -O- http://169.254.169.254/dns 2>/dev/null)
+  gw=$(wget -q -T1 -O- http://169.254.169.254/gw 2>/dev/null | tr -d '"')
+  dns=$(wget -q -T1 -O- http://169.254.169.254/dns 2>/dev/null | tr -d '"')
+  ip addr flush dev eth0 2>/dev/null
   ip addr add "$ip" dev eth0 2>/dev/null
   ip route add default via "$gw" dev eth0 2>/dev/null
   printf "nameserver %s\n" "$dns" > /etc/resolv.conf