Context
Follow-up from PR #2326 (port node launcher to Rust). Tracked in #2598.
Problem
There are 6 expect()/unwrap() calls in non-test production code in crates/tee-launcher/src/main.rs that will panic instead of returning a proper error. These should use the ? operator with appropriate LauncherError variants.
Locations
| Line | Code | Risk |
|---|---|---|
| 307 | `.expect("bearer token received from docker auth is a valid header value")` | High -- panics if registry returns malformed token |
| 475 | `.expect("is valid digest")` | High -- panics if docker inspect returns unexpected output |
| 173 | `.expect("tee config serializes to TOML")` | Medium -- unlikely but possible |
| 144 | `.expect("re-serializing a toml::Table always succeeds")` | Medium |
| 504 | `.expect("port list is serializable")` | Medium |
| 138 | `.expect("image digest file has a valid path")` | Low -- hardcoded constant |
Suggested Fix
Convert each to ? with a proper error variant. Example for line 307:
```rust
// Before:
.expect("bearer token received from docker auth is a valid header value");
// After:
.map_err(|_| LauncherError::RegistryAuthFailed("invalid bearer token format".to_string()))?;
```

New error variants may be needed for cases that don't fit existing ones.
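The same conversion applied to the two High-risk rows, as an added example that is not code from the repository: it is std-only, so the header-value and digest checks are simplified stand-ins. `LauncherError::RegistryAuthFailed` comes from the issue; the `InvalidDigest` variant and the function names `bearer_header`, `parse_digest` and `prepare` are assumptions.

```rust
// Added example. `LauncherError` and `RegistryAuthFailed` are named in the
// issue; `InvalidDigest` and all three functions are assumptions.
#[derive(Debug, PartialEq)]
enum LauncherError {
    RegistryAuthFailed(String),
    InvalidDigest(String),
}

/// Std-only stand-in for the header-value conversion listed at line 307:
/// a token with control bytes or non-ASCII becomes an Err, not a panic.
fn bearer_header(token: &str) -> Result<String, LauncherError> {
    if token.is_empty() || !token.bytes().all(|b| b.is_ascii_graphic()) {
        // The token itself is deliberately kept out of the error text.
        return Err(LauncherError::RegistryAuthFailed(
            "invalid bearer token format".to_string(),
        ));
    }
    Ok(format!("Bearer {token}"))
}

/// Stand-in for the digest parse listed at line 475: `sha256:<64 hex>`.
fn parse_digest(raw: &str) -> Result<[u8; 32], LauncherError> {
    let bad = |why: &str| LauncherError::InvalidDigest(why.to_string());
    let hex = raw
        .trim()
        .strip_prefix("sha256:")
        .ok_or_else(|| bad("missing sha256: prefix"))?;
    if hex.len() != 64 || !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(bad("expected 64 hex characters"));
    }
    let mut out = [0u8; 32];
    for (i, byte) in out.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&hex[2 * i..2 * i + 2], 16)
            .map_err(|_| bad("expected 64 hex characters"))?;
    }
    Ok(out)
}

/// Both failures propagate to the caller through `?`.
fn prepare(token: &str, inspect_out: &str) -> Result<(String, [u8; 32]), LauncherError> {
    Ok((bearer_header(token)?, parse_digest(inspect_out)?))
}

fn main() {
    // Constructed inputs: a token with an embedded newline, a short digest.
    println!("{:?}", prepare("abc\ndef", &format!("sha256:{}", "ab".repeat(32))));
    println!("{:?}", prepare("abc.def", "sha256:1234\n"));
}
```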