
feat(#591 followup): %s printf injection theoretical surface #600

@michael-wojcik

Description

Surfaced during PR #596 blind review (backend-F3).

Problem: STATE_FILE write uses `printf '...,"monitor_task_id":"%s","cron_job_id":"%s",...'` with `$M_ID` and `$C_ID`. If either contains a `%` character, printf would interpret it as a format directive.

Practical reachability: blocked. Monitor task IDs are platform-generated alphanumeric (e.g., `bnsg1hi19`, `bwksr27ij`). CronCreate job IDs are hex (e.g., `f7e3815e`). No `%` in either source. Reachability requires a future platform change allowing user-supplied IDs.

Why deferred: defensive-hygiene principle has merit but in-PR fix scope is significant (6-file lockstep edit across canonical-mirror surfaces) for a theoretical concern with no current reachability.

Suggested fix scope: replace printf %s with safer JSON construction (jq, or shell-escaped form). 6-file lockstep across monitor-block + state-file fixture + 5 ARMING_FILES.

Originating review: docs/review/591-blind-backend.md FUTURE-3.
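The following is an added illustration, not code from this repository or from the issue author. It assumes the STATE_FILE line is built by a shell `printf` whose format string ends up containing the ID text (the case in which a `%` in an ID is read as a directive); the surrounding JSON is reduced to the two fields named in the issue, and the IDs passed in are constructed test values. The hardened form passes the IDs as arguments to `%s` directives after escaping the two characters that break a JSON string literal, and a guard function rejects anything outside the alphanumeric shape the issue describes. The `jq` variant is the other fix the issue suggests; it is defined here but only used when `jq` is on PATH.

```shell
#!/bin/sh
# Added example: contrasting an interpolated printf format string with a
# %s-argument form, plus an ID allow-list check. Field names follow the
# issue; the ID values below are constructed, not real platform output.

# Assumed vulnerable shape: the ID text is spliced into the FORMAT STRING,
# so printf parses any '%' inside it as a directive.
state_line_unsafe() {
    m_id=$1
    c_id=$2
    printf '{"monitor_task_id":"'"$m_id"'","cron_job_id":"'"$c_id"'"}\n'
}

# Escape backslash and double quote so the value is a valid JSON string
# literal. '%' needs no escaping here: it never reaches the format string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Hardened shell form: IDs are arguments to %s, copied verbatim by printf.
state_line_safe() {
    printf '{"monitor_task_id":"%s","cron_job_id":"%s"}\n' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Alternative suggested in the issue: let jq build the document. --arg
# binds the value as a JSON string, so quoting and escaping are jq's job.
state_line_jq() {
    jq -nc --arg m "$1" --arg c "$2" \
        '{monitor_task_id: $m, cron_job_id: $c}'
}

# Defensive check matching the ID shapes the issue describes (alphanumeric,
# e.g. bnsg1hi19 or f7e3815e). Returns 1 for empty or any other character,
# which is the condition under which the printf concern would become real.
id_is_safe() {
    case "$1" in
        "") return 1 ;;
        *[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone demonstration with constructed IDs.
demo() {
    echo "safe form, benign IDs:"
    state_line_safe 'bnsg1hi19' 'f7e3815e'
    echo "safe form, ID containing a directive:"
    state_line_safe '100%s' 'f7e3815e'
    echo "interpolated form, same ID (directive consumed):"
    state_line_unsafe '100%s' 'f7e3815e'
    if command -v jq >/dev/null 2>&1; then
        echo "jq form:"
        state_line_jq '100%s' 'f7e3815e'
    fi
    id_is_safe '100%s' || echo "guard rejects '100%s'"
}
```

Running `demo` shows the interpolated form silently dropping the `%s` from the ID (printf treats it as a directive with no matching argument), while the `%s`-argument and `jq` forms reproduce the ID byte for byte. The guard is the cheap interim measure if the full lockstep edit stays deferred: it fails closed the moment an ID stops matching the platform-generated shape.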

Labels: enhancement (New feature or request)