docs: describe Libvirt VM network topology and storage architecture
Document how VMs are provisioned, networked, and how persistent storage is attached.

## Dual NIC Topology

Each VM is configured with two network interfaces:

- `HostOnly` network: isolated private network for secure inter-service communication.
- `NAT` bridge network: provides outbound access to external registries and proxy mirrors.

This isolates control plane traffic from external internet access paths.

## Direct Storage Pools (Layer `05-foundation-volume`)

- Raw block volumes are created as Libvirt volumes and attached as `/dev/vdb` on database and storage nodes.
- Decouples the OS partition (`/dev/vda`) from persistent application data.
- Enables volume lifecycle management (resize, snapshot) independently of VM images.

## Acceptance Criteria

- [ ] Network topology diagram showing HostOnly vs NAT interfaces per VM class.
- [ ] Description of storage pool configuration and the `/dev/vda` vs `/dev/vdb` split.
issue
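An added example, not part of the original issue or the project's code: a check that a Libvirt domain definition (as printed by `virsh dumpxml`) matches the dual-NIC and `vda`/`vdb` layout described above. The Libvirt network names `hostonly` and `nat`, the pool and volume names, and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the project); the network names
# "hostonly" and "nat" and the pool/volume names are assumptions.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>db-node-01</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/db-node-01.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='volume' device='disk'>
      <source pool='data-pool' volume='db-node-01-data'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <interface type='network'><source network='hostonly'/></interface>
    <interface type='network'><source network='nat'/></interface>
  </devices>
</domain>
"""

def audit_domain(xml_text, hostonly="hostonly", nat="nat", needs_data_disk=True):
    """Return a list of findings; an empty list means the VM matches the layout."""
    root = ET.fromstring(xml_text)
    findings, nets = [], []
    for iface in root.findall("./devices/interface"):
        src = iface.find("source")
        if iface.get("type") != "network" or src is None:
            # e.g. type='bridge' or 'direct' attaches outside the two named networks
            findings.append(f"interface of type '{iface.get('type')}' bypasses the named networks")
        else:
            nets.append(src.get("network"))
    for required in (hostonly, nat):
        if nets.count(required) != 1:
            findings.append(f"expected exactly one NIC on '{required}', found {nets.count(required)}")
    extra = [n for n in nets if n not in (hostonly, nat)]
    if extra:
        findings.append(f"unexpected networks attached: {extra}")
    # <target dev> is a hint to the guest; verify /dev/vdb inside the VM as well.
    disks = {d.find("target").get("dev"): d.get("type")
             for d in root.findall("./devices/disk[@device='disk']")
             if d.find("target") is not None}
    if "vda" not in disks:
        findings.append("no OS disk at vda")
    if needs_data_disk and disks.get("vdb") != "volume":
        findings.append("vdb is missing or not backed by a storage-pool volume")
    if not needs_data_disk and "vdb" in disks:
        findings.append("unexpected data disk vdb on a node class that should not have one")
    return findings
```

Pass `needs_data_disk=False` for VM classes other than database and storage nodes, so a stray `vdb` attachment is reported instead of required.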