Harden installer disk target validation and live-media exclusion

[Copilot]

This PR addresses review feedback on installer safety checks in scripts/install.sh. It tightens --disk validation and makes live-boot detection more precise to prevent destructive operations on invalid or active boot media.

• Disk argument hardening (--disk)

  • Require block device type disk via lsblk -ndo TYPE before accepting --disk.
  • Reject non-disk targets (including partition/symlink-path bypass cases) with clear guidance.

• Live boot media protection

  • Add is_live_boot_disk() to detect currently booted install media.
  • Apply this check to --disk preselection and reject live medium as install target.

• Safer live-label matching

  • Replace broad substring matching with anchored/prefix-aware checks for known live labels (ARCHISO, CVH_LINUX_, CODEVERSE_) to avoid excluding unrelated disks.

• Interactive disk list filtering

  • Add get_installable_disks() and use it in disk selection so live media is excluded from presented candidates.

• User-facing error formatting

  • Fix spacing/indentation in the rejection message (" Select a different disk.").

# before accepting --disk
if [[ "$(lsblk -ndo TYPE "$2" 2>/dev/null)" != "disk" ]]; then
  echo -e "${RED}[ERROR]${NC} '$2' must be a whole-disk device ..."
  exit 1
fi

if is_live_boot_disk "$2"; then
  echo -e "${RED}[ERROR]${NC} '$2' is the live boot medium. You cannot install to it."
  echo -e "  Select a different disk."
  exit 1
fi