install: Make some "lints" default fatal

[cgwalters]

Our base image has an empty /var, and things like RPMs/debs that for legacy reasons write to /var/run will create it as a directory which will just break a lot of things, but often not totally fatally.

• https://issues.redhat.com/browse/RHEL-25756 (originally Fix for /var content (ostreedev PR #569) doesn't seem to be in the latest centos-bootc-dev base image CentOS/centos-bootc#140 )
• https://gitlab.com/fedora/bootc/base-images/-/issues/28 (e.g. Fedora's audit package has /var/run)

We added a lint against this in RUN bootc container lint but not many people know to use that yet.

Almost all of what we have as lints today should be fatal at install time by default. The only exception is usr/etc needs to be a soft, not hard error for compat today.

(Also we should warn client side too! But install time would help a lot for now)

[cgwalters]

Specifically related to /var/run, it'd also just paper over this entirely if we encouraged shipping that by default in the image, which is quite tempting to do.

But larger picture, we should also try to just convert all packages and other tools to stop using var/run.