Configure kata-agent to read policy from /run/peerpod/policy.rego

Without an explicit policy_file, kata-agent falls back to
/etc/kata-opa/default-policy.rego and ignores the initdata-provided
policy written by process-user-data. The tmpfiles rule already seeds
/run/peerpod/policy.rego with allow-all.rego at boot, and
process-user-data overwrites it when cc_init_data is present.

Made-with: Cursor

Author: yousef-cohere

src/cloud-api-adaptor/podvm/files/etc/agent-config.toml

@@ -1,2 +1,3 @@
 server_addr = "unix:///run/kata-containers/agent.sock"
 guest_components_procs = "none"
+policy_file = "/run/peerpod/policy.rego"