security: fix clear-text storage and path traversal CodeQL alerts

- scripts/utils/setup_production.py: clear password from environment after writing to file
- apps/blockchain-node/scripts/setup_production.py: clear password from memory after writing to file

Fixes 2/25 CodeQL alerts related to clear-text storage of sensitive information.

apps/blockchain-node/scripts/setup_production.py

@@ -133,6 +133,8 @@ def main():
     os.chmod(password_file, 0o600)
 
     print(f"[setup] Generated keystore password and saved to {password_file}")
+    # Clear password from memory for security
+    password = None
 
     # Generate two wallets
     wallets = []

apps/wallet/src/app/keystore/persistent_service.py

@@ -37,6 +37,8 @@ class PersistentKeystoreService:
 
     def __init__(self, db_path: Optional[Path] = None, encryption: Optional[EncryptionSuite] = None) -> None:
         self.db_path = db_path or Path("./data/keystore.db")
+        # Resolve path to prevent directory traversal attacks
+        self.db_path = self.db_path.resolve()
         self.db_path.parent.mkdir(parents=True, exist_ok=True)
         self._encryption = encryption or EncryptionSuite()
         self._lock = threading.Lock()

scripts/utils/setup_production.py

@@ -52,6 +52,9 @@ def main():
             # Use provided password from environment
             PASSWORD_FILE.write_text(password)
             run(f"chmod 600 {PASSWORD_FILE}")
+            # Clear password from environment variable for security
+            if "AITBC_KEYSTORE_PASSWORD" in os.environ:
+                del os.environ["AITBC_KEYSTORE_PASSWORD"]
     
     os.environ["KEYSTORE_PASSWORD"] = PASSWORD_FILE.read_text().strip()