Add configuration linter

[antitree]

Melange Pull Request Template

Functional Changes

• This change can build all of Wolfi without errors (describe results in notes)

Notes:

SCA Changes

• Examining several representative APKs show no regression / the desired effect (details in notes)

Notes:
Running melange lint-config . on wolfi-dev/os commit id 61ae1a27a identifies many issues such as background processes that don't handle a redirect properly. Running it against the latest version shows that they've since been addressed.

Linter

• The new check is clean across Wolfi (N
• The new check is opt-in or a warning

Notes:
This does NOT return a clean result in wolfi. Here is an example of the output

2025/07/09 23:00:43 ERRO Package: harbor-2.13: [background-process-without-redirect]: background process missing output redirect: nginx -g "daemon off;" & sleep 5; kill $! (WARNING)
2025/07/09 23:00:43 ERRO Package: harbor-scanner-trivy: [background-process-without-redirect]: background process missing output redirect: scanner-trivy & sleep 3; kill $! (WARNING)
2025/07/09 23:00:43 ERRO Package: langfuse: [background-process-without-redirect]: background process missing output redirect: redis-server --daemonize yes (WARNING)
2025/07/09 23:00:43 ERRO Package: nats-top: [background-process-without-redirect]: background process missing output redirect: nats-top -sort uptime -u -o nats-output-0.6.3.txt & sleep 1 (WARNING)
2025/07/09 23:00:43 ERRO Package: neuvector-manager: [background-process-without-redirect]: background process missing output redirect: java -jar /usr/local/bin/admin-assembly-1.0.jar & sleep 2; kill $! (WARNING)
2025/07/09 23:00:43 ERRO Package: pgpool2-4.6: [background-process-without-redirect]: background process missing output redirect: psql -U $PG_USER -h localhost -p $PGPOOL_PORT -d ${PG_DB} -c "SELECT pg_sleep(60);" & sleep 1 (WARNING)
2025/07/09 23:00:43 ERRO Package: proxysql: [background-process-without-redirect]: background process missing output redirect: proxysql --daemon --config-file=./proxysql.cnf (WARNING)
2025/07/09 23:00:43 ERRO Package: redka: [background-process-without-redirect]: background process missing output redirect: redka& (WARNING)
2025/07/09 23:00:43 ERRO Package: tailscale: [background-process-without-redirect]: background process missing output redirect: containerboot & (WARNING)
2025/07/09 23:00:43 ERRO Package: xcover: [background-process-without-redirect]: background process missing output redirect: --detach (WARNING)

This is a new item that shows up under melange -h but is not used anywhere by default.

[justinvreeland]

👍🏻 It wasn't clear to me at first that these linters are largely lifted from the existing wolifctl linters. It'd be nice to put that in the PR message somewhere so that future history splunkers can find the originals. Looks good to me though. I'd like to have more of the linters in one place.