fix: prevent systemd hang on restart with podman sandboxes

Add KillMode=process to generated systemd unit file. Without this,
podman's conmon processes (which monitor sandbox containers) block
shutdown since they're children of the gateway process.

This preserves the desired behavior of keeping containers alive
across restarts while preventing systemd from waiting indefinitely.

src/daemon/systemd.ts

@@ -154,6 +154,10 @@ function buildSystemdUnit({
     `ExecStart=${execStart}`,
     "Restart=always",
     "RestartSec=5",
+    // KillMode=process ensures systemd only waits for the main process to exit.
+    // Without this, podman's conmon (container monitor) processes block shutdown
+    // since they run as children of the gateway and stay in the same cgroup.
+    "KillMode=process",
     workingDirLine,
     ...envLines,
     "",