install: stage pxe-setup.sh at /usr/local/sbin/vetting-pxe-setup

proxmox-install.sh tarball-extracts into a tempdir that gets wiped on
EXIT, so after the one-liner there's no pxe-setup.sh on disk for the
operator to run. Have install.sh drop the script + ipxe-shas.txt into
/usr/local/share/vetting/ and symlink it as
/usr/local/sbin/vetting-pxe-setup (in PATH).

pxe-setup.sh now readlink -f's BASH_SOURCE so the symlink resolves to
the share dir where ipxe-shas.txt lives, and gracefully handles the
case where install.sh already staged vmlinuz + initrd.img into
LIVE_DIR (no bundle live-image/ needed at that point).

Update the trailing hint in proxmox-install.sh and the operations
runbook to surface the new `sudo vetting-pxe-setup ...` command.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

docs/operations.md

@@ -73,15 +73,19 @@ That means **no dedicated bridge, no VLAN, no cabling changes**. The
 LXC just needs an interface on the same L2 segment as the hosts
 you're repairing — typically `eth0` on the LAN bridge.
 
-On the LXC, inside the extracted bundle:
+On the LXC, after the one-liner install completes:
 
 ```
-sudo ./pxe-setup.sh \
+sudo vetting-pxe-setup \
     --interface eth0 \
     --subnet 192.168.1.0/24 \
     --orchestrator-url http://<lxc-lan-ip>:8080
 ```
 
+(`vetting-pxe-setup` is a symlink installed into `/usr/local/sbin/` by
+`install.sh`, pointing at the `pxe-setup.sh` script and `ipxe-shas.txt`
+staged under `/usr/local/share/vetting/`.)
+
 The script:
 
 - Fetches `ipxe.efi` + `undionly.kpxe` from boot.ipxe.org and verifies
@@ -103,7 +107,7 @@ exists, iPXE binaries are on disk, `subnet` parses as CIDR) and
 exits non-zero with a clear error if anything's wrong, instead of
 failing silently when a host first PXE-boots.
 
-`pxe-setup.sh` is idempotent — safe to re-run. Pass `--force` to
+`vetting-pxe-setup` is idempotent — safe to re-run. Pass `--force` to
 overwrite a hand-edited `pxe:` block.
 
 **Router caveat.** Most home/prosumer routers (UniFi, Asus, Netgear,