WIFI-14904 Refactor: remove dd usage and replace mount copy with overlayfs

This patch addresses reviewer feedback:

- Replaces dd with direct tar extraction from the mtdblock device, avoiding unnecessary intermediate steps.
- Removes the manual copy/restore flow for /certificates mount by switching to an OverlayFS-based solution when a read-only squashfs or ubifs is detected.

Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>

feeds/tip/certificates/files/usr/bin/mount_certs

@@ -65,11 +65,9 @@ sonicfi,rap6*)
 		mtd_dev=$(find_mtd_index $bootconfig)
 		block_size=$(cat /sys/class/mtd/mtd$mtd_dev/size)
 		mkdir -p /certificates
-		dd if=/dev/mtdblock$mtd_dev of=/tmp/certs.tar bs=$block_size count=1
-		if tar tf /tmp/certs.tar > /dev/null 2>&1; then
-			tar xf /tmp/certs.tar -C /certificates
+		if tar tf /dev/mtdblock$mtd_dev > /dev/null 2>&1; then
+			tar xf /dev/mtdblock$mtd_dev -C /certificates
 		fi
-		rm -f /tmp/certs.tar
 	fi
 
 	if [ ! -f /certificates/cert.pem ] || [ ! -f /certificates/key.pem ]; then
@@ -85,12 +83,15 @@ sonicfi,rap6*)
 			fi
 		fi
 
-		if mount | grep "/certificates" | grep -qE "squashfs|ubifs"; then
-			mkdir -p /tmp/certs_backup
-			cp -a /certificates/* /tmp/certs_backup/
-			umount /certificates
-			mkdir -p /certificates
-			cp -a /tmp/certs_backup/* /certificates
+		overlay_name="certs_overlay"
+
+		if mount | grep "/certificates" | grep -qE "squashfs|ubifs" && \
+			! mount | grep "/certificates" | grep -q "$overlay_name"; then
+			mkdir -p /tmp/certs_upper /tmp/certs_work /tmp/certs_merged
+			mount -t overlay "$overlay_name" \
+				-o lowerdir=/certificates,upperdir=/tmp/certs_upper,workdir=/tmp/certs_work \
+				/tmp/certs_merged
+			mount --bind /tmp/certs_merged /certificates
 		fi
 	fi
 	;;