🔒 Fix Symlink Attack vulnerability in _owner_only_opener

[google-labs-jules]

🎯 What: Fixed a vulnerability in _owner_only_opener inside hooks/utils.py where the os.open call could follow symbolic links when creating/opening sensitive files.

⚠️ Risk: A symlink attack (CWE-59 / CWE-61). If an attacker can pre-create a symbolic link in an expected location (like ~/.claude/ for state/log files), the hook script would follow the symlink and enforce 0o600 permissions on the target, potentially altering or overwriting critical system files (e.g., /etc/shadow) or other users' files, leading to privilege escalation or denial of service.

🛡️ Solution: Added flags |= getattr(os, "O_NOFOLLOW", 0) to the os.open call within _owner_only_opener. This ensures os.open fails with an OSError if the targeted path is a symlink. We gracefully fallback to 0 if O_NOFOLLOW is not present (e.g. on older Windows versions). A new test was appended to tests/test_utils.py to assert this symlink rejection.

---

PR created automatically by Jules for task 12170438649206231848 started by @zknpr

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.