sec: clear wizard-set API keys from os.environ after session ends

[rosspeili]

Closes ARPAHLS/rooms#5.

When the CLI wizard collects an API key (e.g. OPENAI_API_KEY), it writes into os.environ. Those values previously persisted for the entire Python process, which is a security risk if the user runs another session in the same terminal or the process stays alive.

This PR tracks only keys introduced by the wizard during setup and removes them when the session loop ends (normal exit, exit/quit, or Ctrl+C). Keys that were already set in the environment before the wizard runs are never touched.

Changes

• Add _set_session_env_key, _prompt_api_key_if_needed, and _cleanup_session_env in cli.py
• Deduplicate API-key prompting for custom agents and the orchestrator
• Pass tracked_env_keys from main_menu into run_session
• Run _cleanup_session_env in a finally block after the session loop
• Add tests/test_cli.py for tracking, skip-existing, and cleanup behavior

Test plan

• .\venv\Scripts\python.exe -m pytest tests -q (15 passed)
• Start CLI with a non-Ollama model, enter an API key when prompted, finish or interrupt the session, confirm the key is no longer in os.environ for that process
• Export a key before starting the CLI; confirm it remains after the session ends