fix(vpn): clean up temp config files on disconnect #74

Closed
Sentinel-Bluebuilder wants to merge 1 commit into sentinel-official:development from Sentinel-Bluebuilder:fix/temp-file-cleanup

Conversation

@Sentinel-Bluebuilder

Summary

  • WireGuard and V2Ray classes now track their written config file path and clean up on disconnect()
  • WireGuard configs are overwritten with zeros before deletion to scrub the private key from disk
  • Config file permissions set to 0o600 (owner-only) immediately after creation
  • Empty temp directories (sentinel-js-sdk*) are removed after cleanup
  • Both classes expose a public cleanup() method for manual/early cleanup

Details

Temp config files created in system temp directories were never deleted. WireGuard configs contain the private key in plaintext, making this both a disk leak and a security risk. V2Ray configs contain node addresses and UUIDs.

Fixes #40

Test plan

  • Verify writeConfig() sets configPath and applies chmod 0o600 (WireGuard)
  • Verify disconnect() removes the config file and its parent temp dir
  • Verify WireGuard config is zero-filled before deletion (scrubs private key)
  • Verify cleanup() is safe to call multiple times or with no config written
  • Verify V2Ray disconnect() kills process and cleans up config

🤖 Generated with Claude Code

WireGuard and V2Ray config files were created in system temp directories
but never deleted. WireGuard configs contain the private key in
plaintext — a security risk. V2Ray configs contain node addresses and
UUIDs.

Now both classes track their config file path and clean up on
disconnect. WireGuard configs are overwritten with zeros before
deletion to scrub the private key. File permissions set to 0o600
(owner-only) on creation.

Fixes #40
@Sentinel-Bluebuilder

Author

Superseded by #87 — rebased onto current development after the retarget from main→development auto-closed this one (base-divergence: ahead_by:1, behind_by:24). Same single commit, no content change.
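
The cleanup sequence described in this PR (owner-only creation, zero-fill, delete, removal of the empty `sentinel-js-sdk*` directory, repeat-safe `cleanup()`), as an added Node.js example that is not the PR's code. `SecureTempConfig` and `zeroFill` are hypothetical names, and the file is opened with mode 0o600 at creation rather than chmod-ed afterwards, which is an assumption of this sketch.

```javascript
// Added example (not the PR's code). SecureTempConfig and zeroFill are hypothetical names.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const PREFIX = 'sentinel-js-sdk'; // temp dir prefix named in the PR summary

// Overwrite the file's current bytes with zeros and flush them to the device.
function zeroFill(file) {
  const fd = fs.openSync(file, 'r+');
  try {
    const size = fs.fstatSync(fd).size;
    const zeros = Buffer.alloc(size);
    let off = 0;
    while (off < size) off += fs.writeSync(fd, zeros, off, size - off, off);
    fs.fsyncSync(fd);
    return size;
  } finally {
    fs.closeSync(fd);
  }
}

class SecureTempConfig {
  constructor() { this.configPath = null; }

  writeConfig(contents, name = 'wg0.conf') {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), PREFIX)); // created 0o700 on POSIX
    const file = path.join(dir, name);
    // 'wx' refuses a pre-existing path; 0o600 applies at creation, so the key
    // is never readable by other users, even briefly.
    const fd = fs.openSync(file, 'wx', 0o600);
    try { fs.writeFileSync(fd, contents); } finally { fs.closeSync(fd); }
    this.configPath = file;
    return file;
  }

  // Idempotent: returns false when there is nothing to clean up.
  cleanup() {
    const file = this.configPath;
    if (!file) return false;
    this.configPath = null;
    try { zeroFill(file); fs.unlinkSync(file); }
    catch (err) { if (err.code !== 'ENOENT') throw err; }
    try { fs.rmdirSync(path.dirname(file)); } // succeeds only if the dir is empty
    catch (err) { if (!['ENOENT', 'ENOTEMPTY', 'EEXIST'].includes(err.code)) throw err; }
    return true;
  }
}
```

Zero-filling in place is best-effort: on SSDs and on copy-on-write or journaling filesystems the overwrite may land on different blocks than the original key material.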


Development

Successfully merging this pull request may close these issues.

Bug: Temp config files never cleaned up — disk leak