🛡️ Sentinel: [HIGH] Fix insecure directory creation permissions for snapshots

Severity: HIGH
Vulnerability: `src/commands/snapshot.rs` uses `std::fs::create_dir_all` to create the snapshot directory. This relies on the default system umask, meaning sensitive snapshot files could be stored in a directory readable by other users on a shared machine.
Impact: Local privilege escalation or exposure of sensitive user data on a shared machine.
Fix: Replaced `std::fs::create_dir_all` with `crate::paths::create_secure_dir_all`, which correctly creates the directory with `0o700` permissions on Unix platforms.
Verification: Ran `cargo test` which completes successfully.

Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>

Author: google-labs-jules[bot]

src/commands/snapshot.rs

@@ -7,7 +7,7 @@ use std::fs;
 pub async fn run(cli: &Cli, args: &SnapshotArgs) -> Result<CommandOutput, AppError> {
     let profile_path = profile_path(cli)?;
     let snap_dir = snapshot_dir(cli)?;
-    fs::create_dir_all(&snap_dir)
+    crate::paths::create_secure_dir_all(&snap_dir)
         .map_err(|e| AppError::Config(format!("failed to create snapshot dir: {e}")))?;
 
     match &args.action {