fix: do not fail cli action tracker when boot id cannot be read

If the `reboot/reset/shutdown/upgrade` action tracker cannot read the boot ID from the node under `/proc/sys/kernel/random/boot_id` due to insufficient permissions (e.g., when `talosctl reboot` is used over Omni), fall back to skipping boot ID check instead of hard-failing.

Closes siderolabs/talos#7197.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
(cherry picked from commit 478b862b4c)

cmd/talosctl/pkg/talos/action/tracker.go

@@ -22,6 +22,8 @@ import (
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/backoff"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 
 	"github.com/siderolabs/talos/cmd/talosctl/cmd/common"
 	"github.com/siderolabs/talos/cmd/talosctl/pkg/talos/global"
@@ -31,6 +33,8 @@ import (
 	"github.com/siderolabs/talos/pkg/reporter"
 )
 
+const unauthorizedBootIDFallback = "(unauthorized)"
+
 var (
 	// MachineReadyEventFn is the predicate function that returns true if the event indicates the machine is ready.
 	MachineReadyEventFn = func(event client.EventResult) bool {
@@ -55,6 +59,10 @@ var (
 
 	// BootIDChangedPostCheckFn is a post check function that returns nil if the boot ID has changed.
 	BootIDChangedPostCheckFn = func(ctx context.Context, c *client.Client, preActionBootID string) error {
+		if preActionBootID == unauthorizedBootIDFallback {
+			return nil
+		}
+
 		currentBootID, err := getBootID(ctx, c)
 		if err != nil {
 			return err
@@ -334,6 +342,10 @@ func getBootID(ctx context.Context, c *client.Client) (string, error) {
 
 	body, err := io.ReadAll(reader)
 	if err != nil {
+		if status.Code(err) == codes.PermissionDenied { // we are not authorized to read the boot ID, skip the check
+			return unauthorizedBootIDFallback, nil
+		}
+
 		return "", err
 	}