fix(sensor-proxy): ensure correct config.yaml permissions after modifications

Fixed bug where config.yaml would end up with root:root 600 permissions
after the installer modified it, causing service startup failures with
"permission denied" errors.

Root cause: Two code paths modified config.yaml without resetting ownership:
1. ensure_control_plane_config() - used mktemp (creates root-owned file),
   then mv'd it over config.yaml without chown/chmod
2. HTTP mode configuration - appended to config.yaml without resetting perms

Fix: Added chown/chmod after both modifications:
- Line 1601-1602: After control-plane config update
- Line 1860-1861: After HTTP mode config append

Now config.yaml maintains pulse-sensor-proxy:pulse-sensor-proxy 644
permissions after all modifications, allowing the service to start correctly.

This bug was discovered during repair logic testing - the service failed
to start after the installer ran, even though the fmt.Sprintf argument
alignment fix was working correctly.

scripts/install-sensor-proxy.sh

@@ -1598,6 +1598,8 @@ ensure_control_plane_config() {
             { print }
         ' "$config_file" > "$tmp"
         mv "$tmp" "$config_file"
+        chown pulse-sensor-proxy:pulse-sensor-proxy "$config_file"
+        chmod 0644 "$config_file"
         return
     fi
 
@@ -1855,6 +1857,8 @@ allowed_source_subnets:
   - $PULSE_IP/32
   - 127.0.0.1/32
 EOF
+    chown pulse-sensor-proxy:pulse-sensor-proxy /etc/pulse-sensor-proxy/config.yaml
+    chmod 0644 /etc/pulse-sensor-proxy/config.yaml
 
     print_success "HTTP mode configured successfully"
     echo ""