Add optional passphrase prompt to SSH key generation

[Copilot]

SSH keys were generated unconditionally without a passphrase (-N ""), giving users no choice and creating less secure keys by default.

Changes

• src/steps/ssh.js — Adds a @clack/prompts password prompt after the email step; blank = no passphrase, non-blank requires ≥8 characters; cancelling aborts the flow
• src/utils/shell.js — Extends runStream(cmd, opts) to accept an env option forwarded to spawn(), enabling secure env-var injection
• tests/ssh.test.js — Adds mockPassword and four new cases: blank passphrase, passphrase provided, cancel passphrase, prompt message content

Security note

The passphrase is never interpolated into the shell command string. It is passed as SSH_KEYGEN_PASSPHRASE via spawn's env option and referenced as $SSH_KEYGEN_PASSPHRASE in the command, avoiding shell injection:

await runStream(
  `ssh-keygen -t rsa -b 4096 -C "${email}" -f "${keyFile}" -N "$SSH_KEYGEN_PASSPHRASE"`,
  { env: { ...process.env, SSH_KEYGEN_PASSPHRASE: passphrase } }
);

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.