feat: --allow-other flag for crm mount (fixes single-uid FUSE EACCES) #4

Merged
dzhng merged 1 commit into main from feat/mount-allow-other on May 2, 2026

dzhng (Owner) commented May 2, 2026

Repro

Default FUSE mounts are accessible only to the mounting user. Any process running as a different uid gets EACCES on the mountpoint:

$ crm mount ~/crm
Mounted at /home/user/crm

$ sudo python3 -c "import os; print(os.lstat('/home/user/crm'))"
PermissionError: [Errno 13] Permission denied: '/home/user/crm'

This breaks consumers that enumerate the parent directory from a different process context — e.g. an e2b sandbox SDK calling files.list('/home/user') fails with lstat /home/user/crm: permission denied even though the mount is healthy from the user's own shell.

Fix

Add a --allow-other CLI flag and matching [mount].allow_other config option. When set, the FUSE helper is invoked with -o allow_other, which lets any uid access the mount. The kernel still requires user_allow_other in /etc/fuse.conf when the mount is invoked by a non-root user; that's a deployment concern called out in the flag help text.

The macOS NFS path is unaffected — the option only applies to the Linux FUSE mount.

Verification

# With --allow-other: root can read the mount
$ node dist/cli.js mount ~/crm --allow-other
Mounted at /home/user/crm (PID 8042)
$ sudo python3 -c "import os; print(os.lstat('/home/user/crm'))"
os.stat_result(st_mode=16877, st_ino=1, st_dev=44, ...)   ✓

# Without --allow-other: existing behavior, root gets EACCES
$ node dist/cli.js mount ~/crm
Mounted at /home/user/crm (PID 8140)
$ sudo python3 -c "import os; print(os.lstat('/home/user/crm'))"
PermissionError: [Errno 13] Permission denied: '/home/user/crm'

bun run check-types clean. bun run build clean.

🤖 Generated with Claude Code

By default, FUSE mounts are accessible only to the mounting user — any
process running as a different uid (e.g. root, container orchestrators
enumerating /home/user) gets EACCES. That breaks consumers that need
the mount to be readable from other contexts.

Add a `--allow-other` CLI flag and matching `[mount].allow_other = true`
config option. When set, the FUSE helper is invoked with `-o allow_other`
so any uid can access the mount. The kernel still requires
`user_allow_other` in /etc/fuse.conf when the mount is invoked by a
non-root user; that's a deployment concern documented in the flag help
text.

Verified:
- `crm mount ~/crm --allow-other` → root can lstat/read the mount.
- `crm mount ~/crm` (default) → root gets EACCES (existing behavior).

macOS NFS path is unaffected (the option only applies to the Linux FUSE
mount).

dzhng merged commit 15c319e into main on May 2, 2026
1 check passed
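
An audit sketch for the trade-off this PR describes, added here as an example and not code from the crm repository: it lists FUSE mounts that carry `allow_other` from `/proc/mounts`-style text, records whether `default_permissions` is also set, and checks fuse.conf text for `user_allow_other`. The sample mount lines, the `fuse.crm` type name and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not captured from a real host). The fuse.crm type
# name is an assumption; the real mount may report a different fstype.
SAMPLE_MOUNTS = r"""proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
crm /home/user/crm fuse.crm rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,allow_other 0 0
host:/srv /mnt/my\040srv fuse.sshfs rw,relatime,user_id=1000,group_id=1000,default_permissions,allow_other 0 0
gvfsd-fuse /run/user/1000/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
"""
SAMPLE_FUSE_CONF = "# mount_max = 1000\n#user_allow_other\n"

# Matches fuse, fuseblk and fuse.<subtype>, but not the fusectl control fs.
FUSE_TYPE = re.compile(r"^fuse(blk)?(\..+)?$")

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def user_allow_other_enabled(conf_text):
    """True if the fuse.conf text has an uncommented user_allow_other line."""
    return any(line.split("#", 1)[0].strip() == "user_allow_other"
               for line in conf_text.splitlines())

def audit_allow_other(mounts_text):
    """Return one finding per FUSE mount that carries allow_other."""
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not FUSE_TYPE.match(parts[2]):
            continue
        opts = dict(o.partition("=")[::2] for o in parts[3].split(","))
        if "allow_other" not in opts:
            continue
        findings.append({
            "mountpoint": unescape(parts[1]),
            "fstype": parts[2],
            "owner_uid": int(opts.get("user_id") or -1),
            # Without default_permissions the kernel does not check file
            # modes; the filesystem daemon alone decides who may access what.
            "kernel_mode_checks": "default_permissions" in opts,
        })
    return findings

if __name__ == "__main__":
    for f in audit_allow_other(SAMPLE_MOUNTS):
        print(f)
    print("user_allow_other set:", user_allow_other_enabled(SAMPLE_FUSE_CONF))
```

On a live host, pass the contents of `/proc/mounts` and `/etc/fuse.conf` to the two functions in place of the samples.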