feat: mount under \$XDG_RUNTIME_DIR/sshfs/ instead of ~/Servers/

Aligns with XDG Base Directory spec: $XDG_RUNTIME_DIR is the defined
location for non-essential runtime files (ephemeral, user-owned,
session-scoped). sshfs mounts fit that definition exactly, and the
tmpfs backing means orphaned mountpoint dirs vanish on logout instead
of accumulating.

- verify_mount_dir reads $XDG_RUNTIME_DIR, falls back to
  /run/user/<uid>/ via os.Getuid().
- Existing path-traversal guard and symlink rejection carry over
  unchanged.
- Tests switched from t.Setenv("HOME") to t.Setenv("XDG_RUNTIME_DIR").

File-manager sidebar visibility is unaffected — gvfs surfaces FUSE
mounts via /proc/mounts regardless of mountpoint location.

main_test.go

@@ -1,5 +1,5 @@
-// ABOUTME: Unit tests for sshfsc helpers, primarily the path-traversal guard
-// ABOUTME: in verify_mount_dir and the ssh_config field allowlist regexes.
+// ABOUTME: Unit tests for sshfsc helpers — path-traversal guard in
+// ABOUTME: verify_mount_dir (XDG_RUNTIME_DIR-rooted) and field allowlist regexes.
 
 package main
 
@@ -11,9 +11,9 @@ import (
 )
 
 func TestVerifyMountDir(t *testing.T) {
-	home := t.TempDir()
-	t.Setenv("HOME", home)
-	base := filepath.Join(home, "Servers")
+	runtime := t.TempDir()
+	t.Setenv("XDG_RUNTIME_DIR", runtime)
+	base := filepath.Join(runtime, "sshfs")
 	if err := os.MkdirAll(base, 0700); err != nil {
 		t.Fatalf("setup base: %v", err)
 	}
@@ -123,9 +123,9 @@ func TestValidateSSHFieldRegexes(t *testing.T) {
 }
 
 func TestVerifyMountDirRejectsSymlink(t *testing.T) {
-	home := t.TempDir()
-	t.Setenv("HOME", home)
-	base := filepath.Join(home, "Servers")
+	runtime := t.TempDir()
+	t.Setenv("XDG_RUNTIME_DIR", runtime)
+	base := filepath.Join(runtime, "sshfs")
 	if err := os.MkdirAll(base, 0700); err != nil {
 		t.Fatalf("setup base: %v", err)
 	}