RHEL-136238

lib: Pass absolute authfile path when pulling LBIs


    • Bug
    • Resolution: Done
    • rhel-10.2
    • bootc
    • Moderate
    • rhel-image-mode

      ostree-ext explicitly handles authfile paths as relative; this works fine for most callers of get_global_authfile, as they only read the returned open file descriptor, and ignore the path. However, pulling logically bound images requires passing the actual authfile path to Podman, so we must resolve the absolute path in this case - otherwise, we see errors like the following:

      ```
      [root@fedora ~]# bootc upgrade
      layers already present: 69; layers needed: 1 (242.2 MB)
      Fetched layers: 230.95 MiB in 3 seconds (90.88 MiB/s)
      Deploying: done (3 seconds)
      Fetching bound image: quay.io/prometheus/node-exporter:v1.10.2: done (0 seconds)
      error: Upgrading: Staging: Pulling bound images: Pulling bound images: Failed to pull image: Subprocess failed: ExitStatus(unix_wait_status(32000))
      Error: credential file is not accessible: faccessat etc/ostree/auth.json: no such file or directory
      ```

      Since cap_std::fs::Dir intentionally does not expose its filesystem path, we must resort to reconstructing it from a file descriptor. We could do this by inspecting the file descriptor for `sysroot` and combining that with the relative path returned by get_global_authfile, but since get_global_authfile returns the descriptor of the actual authfile, we can simply read that directly.
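The approach described above, recovering an absolute path from the open authfile descriptor, sketched as an added example that is not bootc's or ostree-ext's code. It assumes Linux with `/proc` mounted; `absolute_path_of` and `scratch_authfile` are hypothetical names, and the check that the name still points at the open inode goes beyond what the issue describes.

```rust
use std::fs::{self, File};
use std::io::{self, Error, ErrorKind};
use std::os::unix::fs::MetadataExt;
use std::os::unix::io::AsRawFd;
use std::path::PathBuf;

/// Hypothetical helper, not bootc's code: recover the absolute path of an
/// open file on Linux from the /proc/self/fd/<n> symlink.
pub fn absolute_path_of(file: &File) -> io::Result<PathBuf> {
    let path = fs::read_link(format!("/proc/self/fd/{}", file.as_raw_fd()))?;
    // Pipes, sockets and anonymous inodes give targets like "pipe:[1234]".
    if !path.is_absolute() {
        return Err(Error::new(ErrorKind::InvalidInput, "fd has no filesystem path"));
    }
    // A deleted or replaced file leaves a stale name; only hand the path to a
    // subprocess if it still resolves to the inode we hold open.
    let (by_fd, by_path) = (file.metadata()?, fs::metadata(&path)?);
    if (by_fd.dev(), by_fd.ino()) != (by_path.dev(), by_path.ino()) {
        return Err(Error::new(ErrorKind::NotFound, "path no longer names the open file"));
    }
    Ok(path)
}

/// Constructed sample input: an empty auth.json in a scratch directory.
pub fn scratch_authfile(tag: &str) -> io::Result<(PathBuf, File)> {
    let dir = std::env::temp_dir().join(format!("authfile-{}-{}", tag, std::process::id()));
    fs::create_dir_all(&dir)?;
    let path = dir.join("auth.json");
    fs::write(&path, b"{}")?;
    let file = File::open(&path)?;
    Ok((fs::canonicalize(&path)?, file))
}

fn main() -> io::Result<()> {
    let (expected, file) = scratch_authfile("demo")?;
    let resolved = absolute_path_of(&file)?;
    assert_eq!(resolved, expected);
    println!("pass to subprocess: {}", resolved.display());
    // Once the file is unlinked the descriptor still reads, but the name is stale.
    fs::remove_file(&expected)?;
    assert!(absolute_path_of(&file).is_err());
    Ok(())
}
```
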

              walters@redhat.com Colin Walters
              Xiaofeng Wang Xiaofeng Wang