chore: initial skeleton

- docs/architecture.md: native rewrite plan (5 services + control plane,
  Active-Active cluster like nmg, Floating-IP for HTTP ingress)
- cmd/edgeguard-{api,scheduler,ctl}: minimal Gin + CLI stubs
- packaging/debian/edgeguard-{api,ui,meta}: control + maintainer scripts
- deploy/systemd/edgeguard-api.service + edgeguard-scheduler.service
  with hardening defaults
- Makefile: build / cross-compile (amd64+arm64) / deb / publish targets
- scripts/install.sh + scripts/apt-repo/build-package.sh stubs

deploy/systemd/edgeguard-scheduler.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=EdgeGuard Scheduler (cron-like jobs)
+Documentation=https://git.netcell-it.de/projekte/edgeguard-native
+After=edgeguard-api.service
+Requires=edgeguard-api.service
+
+[Service]
+Type=simple
+User=edgeguard
+Group=edgeguard
+ExecStart=/usr/bin/edgeguard-scheduler
+Restart=on-failure
+RestartSec=10
+
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+SystemCallFilter=@system-service
+ReadWritePaths=/var/lib/edgeguard /var/log/edgeguard
+
+[Install]
+WantedBy=multi-user.target