[SPARC] Don't combine misaligned memory ops with BSWAP (#206345)
Doing it will result in a misaligned LD*A/ST*A instruction, which will
raise a bus error.
This should fix the failure in `clamscan` test.
[LifetimeSafety] Support field-sensitivity in lifetime tracking
This patch enables field-sensitivity when tracking lifetimes of nested objects.
- FactsGenerator now generates `PathElement::getField` for `MemberExpr` accesses, mapping fields to loans.
- LoanPropagation now propagates field paths along flow facts, appending fields to base loans.
- Removes false-positive warnings in `invalidations.cpp` where modifications to one field were incorrectly reported as invalidating iterators/pointers to another field.
- Adds comprehensive unit tests checking nested field access and placeholder fields.
TAG=agy
CONV=2cfd8d00-18d7-4a03-8d78-2aba2f9a8f23
Convert system.advanced plugin to the typesafe pattern
## Problem
`system.advanced` was an old dict-based CompoundService — five files each declaring the same service over one namespace — whose `config()`/`update()` returned untyped dicts. Neither its API surface nor its many in-process consumers were type-checked, and dict-vs-model breaks could only be caught at runtime.
## Solution
Reworked the plugin into the typesafe shape and fixed every internal caller:
- **Lean service + part.** `SystemAdvancedService` is now a `GenericConfigService[SystemAdvancedEntry]` delegating to `SystemAdvancedConfigServicePart`; the non-config methods (serial/syslog/gpu/nvidia) became plain, fully-typed module functions. Every public method is `@api_method(..., check_annotations=True)`.
- **do_update.** Model-first (`old_config`/`new_config` as `SystemAdvancedEntry`), but preserves the existing "validate only the fields that actually changed" semantics by keeping the shared `SettingsHelper` and feeding it `model_dump()` of old/new. Deprecated `consolemsg` and the `sed_passwd`/`kmip_uid` side-channels (not on the Entry) are handled explicitly; the side-effect cascade (service restarts, etc.generate, kmip, initramfs, tty/grub, nvidia) is unchanged.
- **Consumers.** Fixed every in-process caller on both axes — dict access to attribute access, and string `middleware.call('system.advanced.*')` to typed `call2`/`call_sync2` — across boot, docker, pool, ups, disk SED (now unwrapping the `Secret` result), audit, device, grub/initramfs, the cert-attachment delegate, libvirt gpu, and the motd/kdump/cron/docker/syslog-ng renderers. Raw `adv_`-prefixed `datastore.config`/`update` callers stay dicts.
- **Registration + CI.** Registered `system.advanced` in `main.py`'s `SystemServicesContainer`, added the plugin to `mypy.yml`, and loosened the shared `SettingsHelper` validator type so concrete validator signatures type-check. Updated the two unit tests that constructed the old compound service / mocked the config as a dict.