fix(pi-gen): create bfadmin in chroot, remove pi-gen username/password

Pi-gen username/password config triggers firstboot wizard AFTER
custom stages — reinstalls userconf and undoes our purge. Removed
those params from pi-gen-action config. Now create bfadmin user
directly in chroot script with password expiry on first login.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/workflows/build.yml

@@ -237,10 +237,7 @@ jobs:
         with:
           image-name: betterframe-client-${{ inputs.version }}
           stage-list: stage0 stage1 stage2 ./deploy/pi-gen/stage-betterframe-client
-          # pi-gen default release is trixie (Debian 13).
           enable-ssh: 0
-          username: bfadmin
-          password: betterframe
           locale: en_US.UTF-8
           timezone: Etc/UTC
           hostname: betterframe-kiosk

deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh

@@ -3,6 +3,15 @@
 # systemd unit + cage PAM + plymouth theme. Mirrors setup-pi-kiosk.sh but
 # baked into the image so first boot is fully provisioned.
 
+# --- bfadmin user (replaces pi-gen's username/password config) ---
+# Pi-gen's built-in user setup reinstalls the firstboot wizard AFTER
+# custom stages run. We create the admin user ourselves to avoid that.
+if ! id -u bfadmin >/dev/null 2>&1; then
+  useradd -m -s /bin/bash -G sudo bfadmin
+fi
+echo "bfadmin:betterframe" | chpasswd
+passwd -e bfadmin
+
 # --- bfkiosk user ---
 if ! id -u bfkiosk >/dev/null 2>&1; then
   useradd -m -s /usr/sbin/nologin bfkiosk