Rework Claude Code config in sandboxed workspaces

Remove credential passing to sandboxes (didn't work well enough).
Move onboarding config init from host-side setup into base.nix so
each workspace initializes its own Claude config on first boot.
Wrap claude command in VM and Incus workspaces to always skip
permission prompts.

common/sandboxed-workspace/vm.nix

@@ -58,20 +58,11 @@ let
         networkInterface = { Type = "ether"; };
       })
       {
-        # Copy credentials from host mount to per-workspace config
-        systemd.services.claude-credentials = {
-          description = "Copy Claude credentials from host";
-          wantedBy = [ "multi-user.target" ];
-          before = [ "multi-user.target" ];
-          serviceConfig.Type = "oneshot";
-          script = ''
-            if [ -f /home/googlebot/.claude-credentials/.credentials.json ]; then
-              install -m 600 -o googlebot -g users \
-                /home/googlebot/.claude-credentials/.credentials.json \
-                /home/googlebot/claude-config/.credentials.json
-            fi
-          '';
-        };
+        environment.systemPackages = [
+          (lib.hiPrio (pkgs.writeShellScriptBin "claude" ''
+            exec ${pkgs.claude-code}/bin/claude --dangerously-skip-permissions "$@"
+          ''))
+        ];
 
         # MicroVM specific configuration
         microvm = {
@@ -116,14 +107,6 @@ let
               source = "/home/googlebot/sandboxed/${name}/claude-config";
               mountPoint = "/home/googlebot/claude-config";
             }
-            {
-              # Credentials-only directory (read-only)
-              # This directory should contain only .credentials.json
-              proto = "virtiofs";
-              tag = "claude-credentials";
-              source = "/home/googlebot/.claude-credentials";
-              mountPoint = "/home/googlebot/.claude-credentials";
-            }
           ];
 
           # Writeable overlay for /nix/store