fix(google_oauth): close TOCTOU window when saving credentials

[CharlieKerfoot]

Problem

save_credentials created the temp file via open(tmp, "w") and only chmodedd it to 0o600 afterward. Between the create and the chmod, the file existed on disk at the process umask (commonly 0o644 aka publicly readable). On a multi-user host or a container with a permissive umask, another local user could read the Google OAuth refresh and access tokens during the short write window. The lock file at line 181 already opens with os.open(..., 0o600), so it makes sense for the credentials file to too.

Fix

• Replace open(tmp, "w") + later os.chmod with os.open(tmp, O_WRONLY|O_CREAT|O_EXCL, 0o600) wrapped in os.fdopen. The file never exists at any other mode.
• Tighten the parent dir to 0o700 with os.chmod(path.parent, 0o700) after mkdir, so sibling users can't traverse into the creds dir. Wrapped in try/except for Windows where POSIX modes aren't enforced (no-op).

Tests

• uv run pytest tests/agent/test_gemini_cloudcode.py 85/85 tests passed
• hermes auth login google, verify ~/.hermes/google_oauth_credentials.json is mode 0600 and the parent dir is 0700
• Confirm re-login overwrites cleanly

[alt-glitch]

Related to #11003 (same TOCTOU pattern in dashboard Anthropic OAuth writer) and #6670 (secure OAuth writes).

[teknium1]

Salvaged via #19673 onto current main with conflict resolution (kept newer atomic_replace from main; dropped the now-redundant post-write chmod since O_EXCL already applies 0o600). Your commit authorship was preserved. Thanks @CharlieKerfoot!