feat: write .bak files before modifying existing config files #18
Description
Problem
bait.go appends canary content to existing config files (~/.aws/credentials, ~/.ssh/config, ~/.gitconfig, etc.) without creating a backup first. If snare disarm crashes mid-operation, the appended canary content is orphaned and the original file state is lost.
Fix
Before appending to any existing file, write a .bak copy first. Delete the .bak after successful disarm. Example: ~/.ssh/config.snare.bak.
Affected files
internal/bait/bait.go— all canary types that append to existing files