Refactor: replace eval in rollback_installation with whitelist parser

## Background

Both `cuda-install.sh` and `nvidia-install.sh` use `eval "$action"` to execute rollback commands read from `$ROLLBACK_FILE`. While the file is only written by the scripts themselves via `save_rollback_info()` and the state directory is root-owned, `eval` on file contents is inherently risky.

## Current behavior

```bash
while read -r action; do
    if ! eval "$action"; then
        ...
    fi
done < <(tac "$ROLLBACK_FILE")
```

## Proposed improvement

1. **Immediate**: Set `chmod 600` on `$ROLLBACK_FILE` after creation
2. **Future**: Replace `eval` with a whitelist-based command dispatcher that validates each line against known safe patterns (e.g., `rm -f`, `dpkg -r`, `dnf remove -y`, `zypper removerepo`, `systemctl start`, etc.)

## Files affected

- `src/cuda-install.sh` (`rollback_installation` + `save_rollback_info`)
- `src/nvidia-install.sh` (`rollback_installation` + `save_rollback_info`)

Raised by CodeRabbit review on PR #2.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor: replace eval in rollback_installation with whitelist parser #4

Background

Current behavior

Proposed improvement

Files affected

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Refactor: replace eval in rollback_installation with whitelist parser #4

Description

Background

Current behavior

Proposed improvement

Files affected

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions