fix: prevent _syncconf from touching live container when run from tests

Added a path guard: if the config file resolves to /tmp/ or a pytest
temp dir, _syncconf bails out immediately. Without this, tests calling
add_peer/remove_peer with a temp-dir WireGuardManager would connect to
the live cell-wireguard container and remove production peers.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

api/wireguard_manager.py

@@ -160,8 +160,15 @@ class WireGuardManager(BaseServiceManager):
         wg syncconf resets the ListenPort when given a peers-only config,
         breaking client connections. We diff the config file against the live
         interface and add/remove peers individually instead.
+
+        SAFETY: if the config file is not under the real wireguard config dir
+        (e.g. a test temp dir), bail out immediately — never touch the live container.
         """
         import subprocess, re
+        real_conf = self._config_file()
+        if '/tmp/' in real_conf or 'pytest' in real_conf:
+            logger.debug('_syncconf: skipping — config path looks like a test dir')
+            return
         try:
             # Parse desired peers from config file
             content = self._read_config()