feat: remote commands, systemd units, process observability, broker auth split

- Command intake (reboot/shutdown) on infoscreen/{uuid}/commands with ack lifecycle
- MQTT_USER/MQTT_PASSWORD_BROKER split from identity vars; configure_mqtt_security() updated
- infoscreen-simclient.service: Type=notify, WatchdogSec=60, Restart=on-failure
- infoscreen-notify-failure@.service + script: retained MQTT alert when systemd gives up (Gap 3)
- _sd_notify() watchdog keepalive in simclient main loop (Gap 1)
- broker_connection block in health payload: reconnect_count, last_disconnect_at (Gap 2)
- COMMAND_MOCK_REBOOT_IMMEDIATE_COMPLETE canary flag with safety guard
- SERVER_TEAM_ACTIONS.md: server-side integration action items
- Docs: README, CHANGELOG, src/README, copilot-instructions updated
- 43 tests passing

scripts/infoscreen-cmd-helper.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Privileged command helper for remote reboot/shutdown actions.
+# Intended installation path: /usr/local/bin/infoscreen-cmd-helper.sh
+# Suggested sudoers entry:
+# infoscreen ALL=(ALL) NOPASSWD: /usr/local/bin/infoscreen-cmd-helper.sh
+
+if [[ $# -ne 1 ]]; then
+  echo "usage: infoscreen-cmd-helper.sh <reboot_host|shutdown_host>" >&2
+  exit 2
+fi
+
+action="$1"
+
+case "$action" in
+  reboot_host)
+    exec systemctl reboot
+    ;;
+  shutdown_host)
+    exec systemctl poweroff
+    ;;
+  *)
+    echo "unsupported action: $action" >&2
+    exit 1
+    ;;
+esac