Support FortiOS 7.6.6 and 8.0.0 rootfs decryption #4

Open

freeqaz wants to merge 4 commits into randorisec:main from freeqaz:fortios-766-800-rootfs

Support FortiOS 7.6.6 and 8.0.0 rootfs decryption#4
freeqaz wants to merge 4 commits into
randorisec:mainfrom
freeqaz:fortios-766-800-rootfs

Conversation

@freeqaz freeqaz commented Jun 2, 2026

Adds support for newer FortiOS rootfs verifier layouts observed in FortiGate 7.6.6 and 8.0.0, while keeping the existing legacy decrypt path as a fallback. Also adds a guarded legacy stack-size locator fallback inspired by #2.

Changes:

  • Adds ELF section parsing and __ksymtab-based rsa_parse_pub_key discovery for newer kernels with tampered kallsyms.
  • Recovers the newer XOR-obfuscated RSA public key material.
  • Verifies the RSA trailer and encrypted rootfs SHA256.
  • Adds the newer custom stream body decryptor, including both tested PRGA initialization variants.
  • Replaces the legacy shell-pipeline locator with parsed objdump output.
  • Adds a legacy stack-size fallback locator for symbolization edge cases reported on nearby 7.4.x builds.
  • Cleans up README usage, validation, extraction, compatibility, and troubleshooting docs.

Validation performed:

  • python3 -m py_compile decrypt_rootfs.py
  • git diff --check
  • FortiGate 7.6.6 decrypted output passed gzip -t and matched known-good output byte-for-byte.
  • FortiGate 8.0.0 decrypted output passed gzip -t and matched known-good output byte-for-byte.

Notes:
