fix(export): use '#' as sed delimiter (regex '|' was clashing)

[AhmedTMM]

Repro

Run `spawn export` on a session whose staged tree contains any file matching the secrets regex (e.g. a test fixture with an OpenRouter / Anthropic key shape). Approve the redaction prompt. The VM then errors:

```
⚠ Redacting potential secrets in:
project/test/brain-sync.test.ts
sed: -e expression #1, char 67: unknown option to `s'

■ Export failed: sprite exec failed (exit 1)
```

Cause

The redact step uses:

```bash
sed -i -E "s|${SECRET_REGEX}|${REDACT_PLACEHOLDER}|g" "$f"
```

`SECRET_REGEX` is itself a `|`-separated alternation of provider patterns. After bash expands it, sed sees:

```
s|(sk-or-v1-...)|(sk-ant-api...)|...|REDACTED|g
```

— where every `|` inside the regex looks like another sed field separator, and the parser bails at "unknown option to `s'".

Fix

Swap the sed delimiter to `#`. None of the regex tokens contain `#`, and neither does the placeholder. The `|` inside the pattern is now correctly interpreted by `sed -E` as alternation — which was the intent all along.

Adds a regression test asserting the script contains `'sed -i -E "s#...#...#g"'` and not the broken `'sed -i -E "s|...|...|g"'`.

Bumps CLI `1.0.35` → `1.0.36`.

Test plan

• `bunx @biomejs/biome check src/` — clean
• `bun test src/tests/export.test.ts` — 39 pass / 0 fail
• `bun test` (full suite) — same 4 pre-existing fails as upstream/main (DO OAuth, hetzner createServer, cmdrun pipeline)
• Manual: re-run the export from the failing session — confirm redaction completes and `gh repo create` succeeds

🤖 Generated with Claude Code

[la14-1]

Correct fix for a bug I should have caught in #3383 — sed delimiter '|' collided with the '|'-alternation in SECRET_REGEX, so the redact pass crashed at runtime. '#' is absent from both the regex and the placeholder, so the substitution is now unambiguous. Regression test asserts the exact sed form. Approving.