feat(templates): wire SSH+Telnet to sessrec transcript recorder

Build login-session into both images as the swapped root shell, add a
quarantine bind mount for telnet (symmetric to SSH), seed transcripts/
dir and service discriminant at entrypoint. Deployer syncs sessrec.c +
Makefile into each build context alongside the existing syslog_bridge
helper. sessrec falls back to /etc/sessrec.service when env is stripped
(busybox /bin/login).

decnet/services/telnet.py

@@ -31,16 +31,25 @@ class TelnetService(BaseService):
         cfg = service_cfg or {}
         env: dict = {
             "TELNET_ROOT_PASSWORD": cfg.get("password", "admin"),
+            # NODE_NAME is the authoritative decky identifier for log
+            # attribution — matches the host path used for the artifacts
+            # bind mount below.
+            "NODE_NAME": decky_name,
         }
         if "hostname" in cfg:
             env["TELNET_HOSTNAME"] = cfg["hostname"]
 
+        # Quarantine mount symmetric to the SSH service — sessrec appends
+        # pty transcripts to /var/lib/systemd/coredump/transcripts/ inside
+        # the container, which the host sees under artifacts/<decky>/telnet/.
+        quarantine_host = f"/var/lib/decnet/artifacts/{decky_name}/telnet"
         return {
             "build": {"context": str(TEMPLATES_DIR)},
             "container_name": f"{decky_name}-telnet",
             "restart": "unless-stopped",
             "cap_add": ["NET_BIND_SERVICE"],
             "environment": env,
+            "volumes": [f"{quarantine_host}:/var/lib/systemd/coredump:rw"],
         }
 
     def dockerfile_context(self) -> Path: