Add Pin functionality

Currently, to pin/unpin a deployment, the user has to run ostree admin pin IDX/ostree admin pin -u IDX as root. There's a few issues with this:

• User needs to interpret "index" out of updatectl status, and understand 0-based indexing
• No polkit integration (user needs to manually wrap with doas/sudo/pkexec)
• Doesn't seem to respect the OSTREE_SYSROOT variable

Here's what we can do better: if we route the pin request through os-updated, we get automatic polkit integration so a user can request to pin a deployment w/o root. The CLI automatically respects --sysroot and OSTREE_SYSROOT. Finally, the command becomes a simpler updatectl pin/unpin DEPLOYMENT, where DEPLOYMENT is a user-suitable name for a deployment

The daemon's API could look like this: SetPinned(int deploy_idx, bool pinned). Members of wheel should be allowed to pin/unpin deployments without a polkit prompt