fix(cli): skip DSTACK_AUTHORIZED_KEYS injection when --no-dev-os is set

[Leechael]

Summary

• When --no-dev-os is set, readSshPubkey now returns undefined unconditionally, so DSTACK_AUTHORIZED_KEYS is never injected into the encrypted environment.
• Previously --no-dev-os --ssh-pubkey <path> still injected the SSH public key. Non-dev images don't run an SSH daemon, so injecting the key was pointless and leaked the pubkey into the encrypted env.

Test plan

• bun test src/commands/deploy/handler.test.ts — 38 pass
• Pre-commit hooks (biome fmt/lint, tsc, tests) all pass

[Leechael]

!release cli patch beta

[github-actions]

🚀 @Leechael release command accepted: cli patch (beta).

📦 Prerelease tag: beta (will publish to npm with tag beta)
Target branch: fix/deploy-no-dev-os-skip-ssh-key (open PR). Version commits will be pushed to this branch.
The release workflow is queued; results will be posted here.

[github-actions]

🎉 Release completed: cli v1.1.20-beta.1

• Branch: fix/deploy-no-dev-os-skip-ssh-key
• npm: phala
• GitHub Release: link
• Workflow logs: https://github.com/Phala-Network/phala-cloud/actions/runs/27680327790

📦 Package Info

• Package size: size: 142.2
• Unpacked size: size: 538.4
• Total files: files:

📄 Files included

11.4kB LICENSE
3.8kB README.md
31.3kB dist/api/index.d.ts
110.2kB dist/api/index.js
20B dist/index.d.ts
379.8kB dist/index.js
1.9kB package.json