fix(mother): atomic provider.env write + jq in disk-install pkgs

Two fixes from PR #98 comment 1626 review:

1. Atomic provider.env write: mktemp now creates temp in same directory
   (/usr/local/etc/colibri/) so mv is atomic. Replaces cat > (truncate)
   pattern that could empty the file on disk-full/signal/power loss.

2. Add jq to pkg-list-disk-install-extras: jq is in live-operator + jails
   but not the disk-install host list. clawdie-enable-mother.sh uses jq;
   deployed hosts need it.

live/operator-session/clawdie-enable-mother.sh

@@ -145,12 +145,11 @@ echo "[4/5] Enabling external MCP calls..."
 mdo -u root sh -c '
     set -eu
     f="$1"
-    tmp="$(mktemp)"
+    tmp="$(mktemp "$(dirname "$f")/.provider.env.XXXXXX")"
     grep -v "^COLIBRI_MCP_EXTERNAL_CALL=" "$f" >"$tmp" 2>/dev/null || :
     printf "COLIBRI_MCP_EXTERNAL_CALL=\"1\"\n" >>"$tmp"
-    cat "$tmp" >"$f"
-    rm -f "$tmp"
-    chmod 0600 "$f"
+    chmod 0600 "$tmp"
+    mv "$tmp" "$f"
 ' sh "$PROVIDER_ENV"
 
 # 5. Restart the daemon so the Pi inherits the new env + registry.

packages/pkg-list-disk-install-extras.txt

@@ -1,6 +1,9 @@
 # Disk-install extras — fetched into the offline repository, not installed on the live USB.
 # TODO: Installed by disk-install path, not live USB. See FIRSTBOOT.md when disk install lands.
 #
+# clawdie-enable-mother.sh uses jq to merge mother entries into external-mcp.json.
+# Include it here so disk-installed hosts can run the script post-deploy.
+jq
 # Two categories live here. They share the same code path (fetched to the
 # offline repo, not installed on live) but have different long-term homes:
 #