#18959: fix: harden permissions on cron/, browser/, settings/ in doctor --fix

Fixes #18866 `doctor --fix` (`fixSecurityFootguns`) already secures `stateDir` (700), `configPath` (600), `credentials/` (700/600), and `agents/*/sessions` (700/600), but leaves `cron/`, `browser/`, and `settings/` with default world-readable permissions. ### Changes Added `applyPerms` calls in `fixSecurityFootguns` for: - `~/.openclaw/cron/` → 700 - `~/.openclaw/cron/jobs.json` → 600 - `~/.openclaw/cron/jobs.json.bak` → 600 - `~/.openclaw/browser/` → 700 - `~/.openclaw/settings/` → 700 These directories contain sensitive data (scheduled task payloads, browser session state/cookies, user settings) and should not be world-readable. <!-- greptile_comment --> <h3>Greptile Summary</h3> Secured `~/.openclaw/cron/`, `~/.openclaw/browser/`, and `~/.openclaw/settings/` directories by adding restrictive permissions (700 for directories, 600 for files) in the `fixSecurityFootguns` function. The implementation follows the existing security hardening pattern used for credentials and agent state directories, ensuring sensitive data like scheduled task payloads, browser session state/cookies, and user settings are no longer world-readable. <h3>Confidence Score: 5/5</h3> - Safe to merge with minimal risk - The changes follow established patterns in the codebase, use the existing `applyPerms` abstraction that handles both Unix and Windows permissions correctly, and address a legitimate security concern by restricting access to sensitive directories that were previously world-readable - No files require special attention _{Last reviewed commit: 0d620f1} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->