fix(make-pdf): write --from-file payload to /tmp, not os.tmpdir()

make-pdf's browseClient wrote its --from-file payload to os.tmpdir(),
which is /var/folders/... on macOS. v1.6.0.0's PR #1103 cherry-pick
tightened browse load-html --from-file to validate against the
safe-dirs allowlist ([TEMP_DIR, cwd] where TEMP_DIR is '/tmp' on
macOS/Linux, os.tmpdir() on Windows). This closed a CLI/API parity
gap but broke make-pdf on macOS because /var/folders/... is outside
the allowlist.

Fix: mirror browse's TEMP_DIR convention — use '/tmp' on non-Windows,
os.tmpdir() on Windows. The make-pdf-gate CI failure on macOS-latest
(run 72440797490) is caused by exactly this: the payload file was
rejected by validateReadPath.

Verified locally: the combined-gate e2e test now passes after
rebuilding make-pdf/dist/pdf.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

make-pdf/src/browseClient.ts

@@ -142,13 +142,21 @@ function runBrowse(args: string[]): string {
 /**
  * Write a payload to a tmp file and return the path. Used for any payload
  * >4KB to avoid Windows argv limits (Codex round 2 #3).
+ *
+ * Path must be under the browse safe-dirs allowlist (/tmp or cwd on
+ * non-Windows; os.tmpdir on Windows).  v1.6.0.0 tightened --from-file
+ * validation to close a CLI/API parity gap (PR #1103), so os.tmpdir()
+ * on macOS (/var/folders/...) now fails validateReadPath.  Use the same
+ * TEMP_DIR convention as browse/src/platform.ts.
  */
+const PAYLOAD_TMP_DIR = process.platform === "win32" ? os.tmpdir() : "/tmp";
+
 function writePayloadFile(payload: Record<string, unknown>): string {
   const hash = crypto.createHash("sha256")
     .update(JSON.stringify(payload))
     .digest("hex")
     .slice(0, 12);
-  const tmpPath = path.join(os.tmpdir(), `make-pdf-browse-${process.pid}-${hash}.json`);
+  const tmpPath = path.join(PAYLOAD_TMP_DIR, `make-pdf-browse-${process.pid}-${hash}.json`);
   fs.writeFileSync(tmpPath, JSON.stringify(payload), "utf8");
   return tmpPath;
 }