KESL 12.1.0-1297 image, Ubuntu 24.04 base, transparent UX

- Pinned download URL for KESL 12.1.0-1297 (public Kaspersky CDN, 2024-07).
- answer.txt updated to v12 autoinstall format: GROUP_CLEAN required,
  LOCALE=en_US.utf8 (en_US alone is rejected), INTERCEPTOR_MODE.
- start.sh detects v10 (/etc/init.d/kesl-supervisor) vs v12
  (/etc/init.d/kesl) and polls kesl-control until the daemon answers,
  because v12's first start runs an integrity check (~30s).
- Modes (shell/version/scan/debug) and scan output format unchanged so
  existing parsers keep working.
- README + build script point to tabledevil/kaspersky12.
- test_smoke.sh validates image + version + EICAR; auto-skips on macOS
  (Rosetta blocks the daemon).

Validated end-to-end on amd64 Linux:
  - 46 known-malicious files (LS26 detections) all flagged again
  - DetectSource=Local with --network=none + USE_KSN=No, no KSN calls

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

readme

@@ -1,27 +1,9 @@
-#installer help
-/opt/kaspersky/kesl/bin/kesl-setup.pl -h
+Kaspersky Endpoint Security for Linux 12 — offline on-demand scanner.
 
-#start service
-/etc/init.d/kesl-supervisor start
+Modes (passed as the container CMD):
+  shell    Start service, print this readme, drop to bash.
+  version  Print KESL version + base /etc/issue.
+  scan     Scan /data with --action Skip; print ThreatDetected events.
+  debug    Bash without starting service.
 
-#scan folder
-kesl-control --scan-file /
-
-#scan folder without trying to delete
-kesl-control --scan-file --action Skip /
-
-#get quarantined Files
-kesl-control -B --query
-
-#get Logs
-kesl-control -E --query
-
-#get just the detected Threats from Logs
-kesl-control -E --query 'EventType == "ThreatDetected"'
-
-
-#get license info
-kesl-control -L --query
-
-#get appinfo
-kesl-control -S --app-info
+Mount the target read-only at /data.