Add focused unit tests for the staged-jail env payload helpers in
spawner.rs (shell_single_quote, valid_env_key, build_env_script) — they
generate shell injected into the jail launcher and were previously only
exercised indirectly. Tests assert single-quote escaping, metachar
neutralization, env-key validation, and sorted/quoted script generation.

Re-scope PRIORITY-HANDOFF-ISO-SPAWN-COST.md Priority 1: the clawdie-iso
build now stages binaries, installs rc.d, creates the colibri user, and
enables the service (build.sh::install_colibri_service). Remaining work is
boot/runtime validation on FreeBSD, not build wiring. P2/P3 unchanged.

colibri-daemon: 70 tests pass (was 62); fmt + clippy clean; md gate clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
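
The properties the commit message lists (single-quote escaping, metacharacter neutralization, env-key validation, sorted and quoted output) can be seen in the following added example, which is not the code from spawner.rs. Only the three function names come from the commit message; their bodies, the `BTreeMap` input, the `export KEY='value'` line format, and the NUL-byte rejection are assumptions made for illustration.

```rust
use std::collections::BTreeMap;

/// Wrap `value` in single quotes for POSIX sh; an embedded ' becomes '\''.
/// Inside single quotes the shell expands nothing, so $(), ``, ; and & stay literal.
fn shell_single_quote(value: &str) -> String {
    format!("'{}'", value.replace('\'', "'\\''"))
}

/// Accept only portable variable names: [A-Za-z_][A-Za-z0-9_]*.
/// The key is emitted unquoted, so it must never carry shell syntax.
fn valid_env_key(key: &str) -> bool {
    let mut chars = key.chars();
    match chars.next() {
        Some(c) if c.is_ascii_alphabetic() || c == '_' => {}
        _ => return false,
    }
    chars.all(|c| c.is_ascii_alphanumeric() || c == '_')
}

/// Emit one `export KEY='value'` line per entry, sorted by key
/// (BTreeMap iterates in key order, which keeps the output deterministic).
/// The whole payload is rejected on an invalid key or a NUL byte in a value.
fn build_env_script(env: &BTreeMap<String, String>) -> Result<String, String> {
    let mut script = String::new();
    for (key, value) in env {
        if !valid_env_key(key) {
            return Err(format!("invalid env key: {:?}", key));
        }
        if value.contains('\0') {
            return Err(format!("NUL byte in value for {}", key));
        }
        script.push_str(&format!("export {}={}\n", key, shell_single_quote(value)));
    }
    Ok(script)
}

fn main() {
    // Constructed sample input, not taken from the project.
    let mut env = BTreeMap::new();
    env.insert("PATH".to_string(), "/usr/local/bin:/usr/bin".to_string());
    env.insert("GREETING".to_string(), "it's $(date); `uname` && true".to_string());
    print!("{}", build_env_script(&env).unwrap());
}
```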