Auto-upgrade silently fails when /tmp is noexec or permission-restricted

[txf0096]

Problem

The background auto-upgrade mechanism fails silently on systems where /tmp is
mounted with noexec or has restricted write permissions (common in corporate
and hardened Linux/macOS environments).

In run_install_script (Unix path), the install script is written to
std::env::temp_dir() (typically /tmp) before execution. If this write fails
due to permissions, the background process calls process::exit(1) with all
output suppressed (stdout/stderr → /dev/null), so the user sees nothing and
the auto-update silently stops working.

Steps to reproduce

1. Mount /tmp as noexec: mount -o remount,noexec /tmp
2. Run any git command (which triggers maybe_schedule_background_update_check)
3. Observe: no update is applied, no error is shown

Expected behavior

The upgrade should use a directory that git-ai already owns and has guaranteed
write access to (e.g., ~/.git-ai/tmp/), rather than relying on /tmp.

Proposed fix

Replace std::env::temp_dir() with ~/.config/git-ai/tmp/ (or platform
equivalent), creating the directory if needed, with fallback to temp_dir() if
the home path is unavailable.

[svarlamov]

This seems directionally right -- would love to see a PR if you're able to put one together