RHEL-115082

SED/OPAL2 Single User Mode


    • Epic
    • Resolution: Unresolved
    • Normal
    • cryptsetup
    • rhel-storage-crs

      As an admin, I want to be able to partition storage devices such that individual users or agents have exclusive access to distinct LBA ranges that the administrator cannot access, so that users can achieve data sovereignty.

      Acceptance Criteria (Userspace)

      • [ ] cryptsetup can detect SUM capabilities via the Discovery 0 header.
      • [ ] Implementation of CLI commands to 'activate' SUM on a supported device.
      • [ ] Ability to map specific LBA ranges to SUM User IDs (Authorities) via cryptsetup.
      • [ ] Successful unlocking of a SUM-protected range using user-specific credentials in a non-admin context.
      • [ ] Verification that a "Global Admin" cannot unlock a SUM-protected range without the specific SUM-user PIN.
      • [ ] Integration with LUKS2 tokens to persist SUM metadata for automated mounting.
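
For the first criterion (detecting SUM via the Discovery 0 header), an added example, not cryptsetup's or the kernel's own code, that walks the Level 0 Discovery feature descriptors and reads the Single User Mode descriptor with bounds checks. The feature code 0x0201 and the field layout follow the TCG Single User Mode feature set; the function and struct names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define D0_HDR_LEN    48     /* header: 4 length + 4 revision + 8 reserved + 32 vendor */
#define FC_SINGLEUSER 0x0201 /* Single User Mode feature code */
struct sum_caps { uint32_t nr_locking_objects; int any, all, policy; };

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Returns 1: SUM usable, 0: no SUM descriptor or zero objects, -1: malformed response. */
int d0_find_sum(const uint8_t *buf, size_t len, struct sum_caps *out)
{
    if (len < D0_HDR_LEN) return -1;
    uint64_t total = (uint64_t)be32(buf) + 4;  /* length field excludes itself */
    if (total < D0_HDR_LEN || total > len) return -1;
    size_t end = (size_t)total, pos = D0_HDR_LEN;
    while (pos < end) {
        if (end - pos < 4) return -1;          /* descriptor header is 4 bytes */
        uint16_t code = (uint16_t)(buf[pos] << 8 | buf[pos + 1]);
        size_t dlen = buf[pos + 3];            /* data bytes after that header */
        if (dlen > end - pos - 4) return -1;   /* descriptor overruns the response */
        if (code == FC_SINGLEUSER) {
            if (dlen < 5) return -1;           /* need object count + flag byte */
            uint8_t flags = buf[pos + 8];
            out->nr_locking_objects = be32(buf + pos + 4);
            out->any = flags & 1; out->all = (flags >> 1) & 1; /* bits 0, 1: Any, All */
            out->policy = (flags >> 2) & 1;    /* bit 2: Policy */
            return out->nr_locking_objects != 0; /* zero objects: unsupported (this example's choice) */
        }
        pos += 4 + dlen;
    }
    return 0;
}

/* Constructed sample (not from a real drive): header, TPer (0x0001), SUM (0x0201). */
static const uint8_t sample[80] = {
    [3]  = 0x4c,                                     /* 80 bytes total, minus the length field */
    [48] = 0x00, 0x01, 0x10, 0x0c, 0x01,
    [64] = 0x02, 0x01, 0x10, 0x0c, 0, 0, 0, 8, 0x04, /* 8 locking objects, Policy=1 */
};

int main(void)
{
    struct sum_caps c = {0};
    int rc = d0_find_sum(sample, sizeof(sample), &c);
    printf("rc=%d objects=%u policy=%d\n", rc, (unsigned)c.nr_locking_objects, c.policy);
}
```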

              Ondrej Kozina (okozina@redhat.com)
              David Lehman (dlehman@redhat.com)
              Guangwu Zhang