fix(bootstrap): pre-create daemon staging dir in agent jails

Second root cause of the jail-spawn EACCES (found via truss, docs PR #132):
for staged spawns the daemon writes launch.sh/env.sh under
<jail_root>/var/run/colibri-stage/<stage_id>/, but nothing created
/var/run/colibri-stage. The daemon runs as clawdie and cannot mkdir under
root-owned /var/run, so staging failed with Permission denied.

agent-jail-bootstrap.sh now pre-creates the dir owned by the daemon user
(0700), replacing the runtime `chmod 777` workaround — durable across jail
rebuilds and not world-writable (staged files are sourced as shell, so a
world-writable staging dir would be a privilege footgun). DAEMON_USER is
overridable, defaulting to clawdie.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

packaging/freebsd/agent-jail-bootstrap.sh

@@ -11,6 +11,7 @@ set -eu
 
 JAIL_NAME="${1:-}"
 PKG_CACHE_DIR="${PKG_CACHE_DIR:-/var/cache/pkg}"
+DAEMON_USER="${DAEMON_USER:-clawdie}"
 
 # The jail name becomes a path component, so reject anything that could escape
 # /usr/local/bastille/jails/<name>/root (empty, traversal, odd characters).
@@ -97,4 +98,11 @@ if ! grep -q '/etc/profile.d/clawdie-npm.sh' "${JAIL_ROOT}/etc/profile" 2>/dev/n
         >> "${JAIL_ROOT}/etc/profile"
 fi
 
+# Pre-create the daemon's per-spawn staging directory. The daemon runs as
+# ${DAEMON_USER} and stages launch.sh/env.sh under <stage_id> subdirs here, so
+# it must own this directory. Created clawdie-owned 0700 rather than left for a
+# root-owned /var/run to block (the spawn EACCES) or patched world-writable.
+install -d -o "${DAEMON_USER}" -g "${DAEMON_USER}" -m 0700 \
+    "${JAIL_ROOT}/var/run/colibri-stage"
+
 echo "Done — ${JAIL_NAME} ready for vault provision."