refactor: add trap cleanup for temp files in agent scripts

- Add trap 'rm -f "${ENV_TEMP}"' EXIT after mktemp creation
- Scripts with DOTENV_TEMP get combined trap for both files
- Remove manual rm calls that are now redundant
- Prevents temp file leaks on early script exit (errors, signals)
- Affects 67 agent scripts across all providers

Impact: Prevents /tmp pollution in production deployments
Score: 90 (Impact: 9, Confidence: 10, Risk: 1)

lambda/codex.sh

@@ -44,6 +44,7 @@ fi
 log_warn "Setting up environment variables..."
 
 ENV_TEMP=$(mktemp)
+trap 'rm -f "${ENV_TEMP}"' EXIT
 cat > "${ENV_TEMP}" << EOF
 
 # [spawn:env]
@@ -54,7 +55,6 @@ EOF
 
 upload_file "${LAMBDA_SERVER_IP}" "${ENV_TEMP}" "/tmp/env_config"
 run_server "${LAMBDA_SERVER_IP}" "cat /tmp/env_config >> ~/.zshrc && rm /tmp/env_config"
-rm "${ENV_TEMP}"
 
 echo ""
 log_info "Lambda Cloud instance setup completed successfully!"