[nanvix-http] B: serve_kill waits for VM exit

[esaurez]

Summary

Re-order the cleanup in nanvix-http's serve_kill so the VMM task is awaited before the gateway bridge is aborted. A small, surgical correctness fix that was previously silent on Unix and becomes user-visible on Windows once the cross-platform gateway endpoint lands (#18).

Base

This PR is stacked on #18 (enhancement-windows-http-mode). The new bridge field name (gateway_sockaddr) and cfg(unix)-gated remove_file are introduced there.

What changed

// before
running._gateway_bridge.abort();
#[cfg(unix)]
let _ = std::fs::remove_file(&running.gateway_sockaddr);
match running.handle.wait().await { ... }

// after
let wait_result = running.handle.wait().await;
running._gateway_bridge.abort();
#[cfg(unix)]
let _ = std::fs::remove_file(&running.gateway_sockaddr);
match wait_result { ... }

The match arm now operates on the saved wait_result.

A multi-paragraph comment captures the rationale and documents the invariant the new ordering relies on: the bridge's consumer (the gateway UDS peer on Unix or the named-pipe peer on Windows) must keep draining the bytes the bridge forwards. If a future consumer stops reading mid-stream, the connection write back-pressures the bridge, the bridge stops draining output_rx, the io_handler eventually blocks on output_tx.send().await (once the bounded channel buffer fills), and the guest stalls without reaching VM exit — which would hang the KILL response.

The same RunningVm.handle/bridge are also torn down in StandaloneState::cleanup(), but cleanup() uses abort_and_wait() (forced shutdown) where the drain invariant does not apply. A short comment in cleanup() records this asymmetry so a future contributor does not "harmonise" the two paths.

Why this matters

The previous order aborted the bridge as soon as the shim's KILL arrived, which closed output_rx while the guest was still writing to stdio. Every subsequent guest write then failed at the io_handler with output channel closed. The consequences:

• Unix: gateway-socket consumers (e.g., the in-tree test harness) see an abrupt EOF instead of a graceful close.
• Windows (after [nanvixd] E: Enable HTTP mode on Windows #18): the same code path is what the containerd shim's gateway-pipe consumer reads. Without this fix, the consumer loses every byte the guest writes after the shim's KILL arrives — ~60 s of output for typical CPython workloads — and the guest exits 120 from the resulting BrokenPipeError.

After the fix, the bridge ends naturally when the io_handler closes output_tx at VM teardown: output_rx.recv() returns None, the bridge's read loop terminates, and the spawned task resolves on its own. The abort() after wait() is retained as defensive cleanup in case the bridge has not yet released its connection handles by the time we return the KILL response.

Why it's safe

• The order swap moves a single await earlier; the function's semantics (return KILL exit code after the VM exits) are unchanged.
• _gateway_bridge.abort() no longer races with output_tx: the io_handler has already closed it from the VMM side by the time wait() returns.
• The new ordering does not introduce a deadlock for well-behaved consumers (those satisfying the drain invariant documented in the code comment).

Tests

No straightforward unit test for this path (requires a live VM + bridge). Existing standalone integration coverage exercises the new ordering implicitly. z.ps1 build, z.ps1 build -- format-check, z.ps1 build -- lint-check, and z.ps1 build -- spellcheck all pass on Windows.

Notes for reviewers

• This PR is part of a 4-PR series enabling the Windows shim path ([nanvixd] E: Enable HTTP mode on Windows #18 cross-platform standalone gateway, [uservm] E: Named-pipe-aware stderr on Windows #19 named-pipe-aware stderr, [nanvixd] E: Add -log-to-stdout flag #21 nanvixd -log-to-stdout). It is the smallest of the four.
• The fix is logically independent on Unix and is a quality-of-implementation improvement there even without the Windows shim path; it just becomes user-visible once [nanvixd] E: Enable HTTP mode on Windows #18 lands.
• Stacked-PR ordering: merge [nanvixd] E: Enable HTTP mode on Windows #18 first, then this one.