Fix Kingfisher container: add /tmp directory

Kingfisher needs a writable temp directory for git clones and scanning.
Nix containers don't create /tmp by default.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

containers/kingfisher/default.nix

@@ -105,11 +105,16 @@ pkgs.dockerTools.buildLayeredImage {
     pkgs.tzdata
   ];
 
+  extraCommands = ''
+    mkdir -p tmp
+  '';
+
   config = {
     Entrypoint = [ "${kingfisher}/bin/kingfisher" ];
     Env = [
       "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
       "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+      "TMPDIR=/tmp"
     ];
     User = "65534";
   };