(Q35) Drive erase preserves boot partition contents

[kat-perez]

Add a #[patina_test] function in patina-dxe-core-qemu that asserts the product invariant: drive erase must not corrupt the boot partition once it's locked.

1. Read the BP via the NVMe Pass-Thru BPRSEL/BPMBL path; hash the contents → H_pre.
2. Call patina_boot::partition::lock_partition_write on the BP device path.
3. Run the drive-erase workflow as defined by Design drive erase workflow #57 (whatever the implementation lands as).
4. Read the BP again; hash → H_post.
5. Assert H_pre == H_post.

Validates the SRE-product invariant: an end user wiping their drive must still be recoverable through the locked SRE recovery image.

The test is intentionally end-to-end. Bugs it catches that the unit test misses:

• Lock applied at the wrong moment in the orchestration.
• Drive erase issuing an NVMe path that doesn't honor BPWPS (e.g. namespace-Format on the BP namespace).
• Race between erase and lock.
• Anything that produces a passing unit test but a corrupted BP in practice.

Depends on: BPWPS rejection unit test (sibling issue) + #57 implementation + a real BP device-path resolver.