fix: ensure github token env path writable for clawdinator

- enforce /run/clawd ownership via tmpfiles z rule
- precreate + chown github-app.env

nix/modules/clawdinator.nix

@@ -572,6 +572,9 @@ in
       "d ${logDir} 0750 ${cfg.user} ${cfg.group} - -"
       "d ${ghConfigDir} 0750 ${cfg.user} ${cfg.group} - -"
       "d /run/clawd 0750 ${cfg.user} ${cfg.group} - -"
+      "z /run/clawd 0750 ${cfg.user} ${cfg.group} - -"
+      "f /run/clawd/github-app.env 0640 ${cfg.user} ${cfg.group} - -"
+      "z /run/clawd/github-app.env 0640 ${cfg.user} ${cfg.group} - -"
       "d ${cfg.memoryDir} 0750 ${cfg.user} ${cfg.group} - -"
       "d ${repoSeedBaseDir} 0750 ${cfg.user} ${cfg.group} - -"
       "d /usr/local/bin 0755 root root - -"