fix(framework/tools): eval injection, broken JSON, tmpfile leak (#548)

F-01 (HIGH): issue-edit.sh and issue-assign.sh used string interpolation
+ eval to build CLI commands. Replace all eval sites with Bash arrays so
user-supplied values (title, body, labels) are never shell-expanded.
For the Gitea path, replace get_gitea_repo_args() (which emits %q-escaped
strings designed for eval) with get_repo_slug() + get_gitea_login() so
repo/login are passed as properly-quoted array elements.

F-07 (MED): milestone-create.sh built the GitHub API JSON payload by
string interpolation — a title containing " or $ broke the JSON. Rebuild
with jq -n --arg so all values are safely serialised. Optional description
key is omitted when empty, preserving existing behaviour.

F-13 (LOW): pr-metadata.sh created a mktemp tmpfile inside
curl_gitea_pull() but only removed it in success paths. Add
trap 'rm -f "$body_file"' EXIT immediately after mktemp so early-exit
paths (set -e, SIGINT) also clean up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Kt2D8TsnDwhtzEAPijsNmR

packages/mosaic/framework/tools/git/pr-metadata.sh

@@ -56,6 +56,8 @@ curl_gitea_pull() {
     local api_url="$1"
     local token basic_auth raw_code body_file http_code
     body_file=$(mktemp)
+    # Ensure the tmpfile is removed even on early exit (set -e, SIGINT, etc.)
+    trap 'rm -f "$body_file"' EXIT
 
     token=$(get_gitea_token "$HOST" || true)
     if [[ -n "$token" ]]; then