initramfs: fix rootless perms for etc/zinit and add diagnostics

• Ensure host/rootless traversal for zinit configs: make etc/zinit and etc/zinit/init 755 prior to recursive normalization; then set dirs=755, files=644, and mark *.sh executable in [bash.initramfs_setup_zinit()](scripts/lib/initramfs.sh:12)

• Add pre-CPIO sanity logs to catch empty/mis-scoped archives: top-level ls, file count, and essential presence checks in [bash.initramfs_create_cpio()](scripts/lib/initramfs.sh:658)

• Add validation-time sanity snapshot of top-level and entry count in [bash.initramfs_validate()](scripts/lib/initramfs.sh:754)

scripts/lib/initramfs.sh

@@ -38,7 +38,12 @@ function initramfs_setup_zinit() {
     
     # Ensure proper permissions
     safe_execute chmod 755 "${initramfs_dir}/sbin/zinit"
-    safe_execute chmod -R 644 "${initramfs_dir}/etc/zinit"
+    # Make top-level zinit config dirs traversable before recursive fixes (rootless host visibility)
+    safe_execute chmod 755 "${initramfs_dir}/etc/zinit"
+    safe_execute chmod 755 "${initramfs_dir}/etc/zinit/init" 2>/dev/null || true
+    # Directories must be executable; set dirs 755 and files 644, then re-mark scripts executable
+    safe_execute find "${initramfs_dir}/etc/zinit" -type d -exec chmod 755 {} \;
+    safe_execute find "${initramfs_dir}/etc/zinit" -type f -exec chmod 644 {} \;
     safe_execute find "${initramfs_dir}/etc/zinit" -name "*.sh" -exec chmod 755 {} \;
     
     # Create zinit working directories
@@ -707,6 +712,21 @@ function initramfs_create_cpio() {
         log_warn "Customization check: /var/lib/ntp missing"
     fi
 
+    # Pre-CPIO sanity diagnostics
+    log_info "Pre-CPIO sanity: listing top-level entries in ${initramfs_dir}"
+    safe_execute ls -la "${initramfs_dir}"
+    local pre_cpio_file_count
+    pre_cpio_file_count=$(find "${initramfs_dir}" -mindepth 1 | wc -l || echo "0")
+    log_info "Pre-CPIO sanity: ${pre_cpio_file_count} files under ${initramfs_dir}"
+    local _essential_items=("init" "sbin/zinit" "bin/busybox" "etc/zinit" "lib" "usr/bin" "var" "tmp" "proc" "sys" "dev")
+    for _item in "${_essential_items[@]}"; do
+        if [[ -e "${initramfs_dir}/${_item}" ]]; then
+            log_debug "pre-cpio OK: ${_item}"
+        else
+            log_error "pre-cpio missing: ${_item}"
+        fi
+    done
+
     # Change to initramfs directory for relative paths
     safe_execute cd "$initramfs_dir"
     
@@ -757,6 +777,13 @@ function initramfs_validate() {
     section_header "Validating initramfs contents"
     
     local errors=0
+
+    # Sanity snapshot to aid debugging when validation fails
+    log_info "Validation sanity: top-level of ${initramfs_dir}:"
+    safe_execute ls -la "${initramfs_dir}" || true
+    local _count_sanity
+    _count_sanity=$(find "${initramfs_dir}" -mindepth 1 | wc -l || echo "0")
+    log_info "Validation sanity: ${_count_sanity} total entries under ${initramfs_dir}"
     
     # Check essential files and directories
     local essential_items=(