Do not duplicate syslinux on the ISO root filesystem
The solution to #7345 duplicates syslinux, both inside the squashfs and on the image's root fs. We could avoid that and use the in-squashfs syslinux binary without root privileges by employing stuff like
fuseiso (in Debian),
squashfuse (not in Debian, but see  below), and
fakechroot (in Debian) instead of a real chroot for running the syslinux binary. Or similar tools.
Beyond eliminating the duplication of syslinux, we'd get the "mechanism to run post-upgrade scripts" mentioned in #7345#note-4, which may come in handy in the future.
 As an alternative to squashfuse it should be easy to make a
sudo-safe wrapper around
mount -o loop -t squashfs ..., that checks that the destination folder is writeable by the