fix(security): shell-quote package names in cloud-init scripts (#3220)

Apply shellQuote() to package names interpolated into startup scripts
across all four cloud providers (GCP, AWS, Hetzner, DigitalOcean).
Defense-in-depth against supply chain attacks where compromised package
lists could inject shell metacharacters into root cloud-init scripts.

Fixes #3216

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

packages/cli/src/hetzner/hetzner.ts

@@ -304,6 +304,7 @@ export async function ensureSshKey(): Promise<void> {
 
 function getCloudInitUserdata(tier: CloudInitTier = "full"): string {
   const packages = getPackagesForTier(tier);
+  const quotedPackages = packages.map((p) => shellQuote(p)).join(" ");
   const lines = [
     "#!/bin/bash",
     "export HOME=/root",
@@ -311,7 +312,7 @@ function getCloudInitUserdata(tier: CloudInitTier = "full"): string {
     "# Guarantee the cloud-init marker is written on exit (success, failure, or signal)",
     "trap 'touch /home/ubuntu/.cloud-init-complete 2>/dev/null; touch /root/.cloud-init-complete' EXIT",
     "apt-get update -y || true",
-    `apt-get install -y --no-install-recommends ${packages.join(" ")} || true`,
+    `apt-get install -y --no-install-recommends ${quotedPackages} || true`,
   ];
   if (needsNode(tier)) {
     lines.push(`${NODE_INSTALL_CMD} || true`);