fix(cli): pass API key via env var instead of argv (closes #4862)#4998

Open
PHclaw wants to merge 1 commit intomem0ai:mainfrom
PHclaw:fix/argv-api-key-exposure

Conversation


@PHclaw PHclaw commented Apr 28, 2026

Summary

API keys were previously passed to the telemetry subprocess via sys.argv, exposing them through ps, /proc/<pid>/cmdline, and process inspection tools on all platforms.

Fix: pass the API key via the MEM0_API_KEY environment variable instead.

Changes

telemetry.py

  • Read API key from config and pass via MEM0_API_KEY environment variable in subprocess.Popen(env=...)
  • Removed mem0_api_key from the JSON context dict passed via argv

telemetry_sender.py

  • Read MEM0_API_KEY from os.environ instead of the context dict
  • Updated docstring to document the security model

test_telemetry_security.py (new)

  • test_api_key_not_in_subprocess_argv: verifies API key never appears in argv
  • test_api_key_passed_via_env_var: verifies correct env var propagation
  • test_no_api_key_means_no_env_var: edge case when no key is configured

Security impact

  Before                                    After
  ps aux | grep mem0 shows full API key
  Visible in /proc/<pid>/cmdline            Not present in cmdline
  Exposed in Activity Monitor               Not exposed

Closes #4862

API keys were previously passed to the telemetry subprocess via
sys.argv, exposing them through ps, /proc/<pid>/cmdline, and
process inspection tools on all platforms.

Changes:
- telemetry.py: read API key from config and pass via MEM0_API_KEY
  environment variable in subprocess.Popen env= parameter
- telemetry_sender.py: read MEM0_API_KEY from os.environ instead of
  ctx dict; updated docstring to document the security model
- test_telemetry_security.py: add regression tests verifying the API
  key never appears in subprocess argv and is correctly passed via
  the environment variable
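The change the PR describes, shown as an added, self-contained example (not mem0's telemetry code; the function names, the constructed child script and the constructed key value are assumptions made for this example): the "before" launcher puts the key inside the JSON context on argv, the "after" launcher hands it over only through the child's environment, and a check in the spirit of the PR's regression tests verifies the key never appears in any argv element. The child is a tiny Python script spawned with sys.executable so the example runs offline.

```python
"""Added example: secret via child environment instead of argv, plus the check.
Not the project's code; names and sample values are constructed for illustration."""
import json
import os
import subprocess
import sys

API_KEY_ENV = "MEM0_API_KEY"  # environment variable name used by the PR

# Constructed child script: it reports what it can see, nothing more.
CHILD = r"""
import json, os, sys
ctx = json.loads(sys.argv[1])
print(json.dumps({
    "argv": sys.argv[1:],
    "env_key": os.environ.get("MEM0_API_KEY"),
    "ctx_has_key": "mem0_api_key" in ctx,
}))
"""


def _base_env():
    # Start from the parent's environment but never inherit a stale key,
    # so what the child sees is exactly what the launcher put there.
    env = dict(os.environ)
    env.pop(API_KEY_ENV, None)
    return env


def _run(argv, env):
    proc = subprocess.Popen(argv, env=env, stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate(timeout=30)
    report = json.loads(out)
    report["launched_argv"] = argv  # what ps / /proc/<pid>/cmdline would show
    return report


def launch_before(api_key, ctx):
    """'Before' behaviour: the key rides inside the JSON context on argv,
    so any local user can read it from the process command line."""
    payload = dict(ctx, mem0_api_key=api_key)
    argv = [sys.executable, "-c", CHILD, json.dumps(payload)]
    return _run(argv, env=_base_env())


def launch_after(api_key, ctx):
    """'After' behaviour: argv carries only non-secret context; the key is
    passed through Popen(env=...). No configured key means no env var."""
    env = _base_env()
    if api_key:
        env[API_KEY_ENV] = api_key
    argv = [sys.executable, "-c", CHILD, json.dumps(ctx)]
    return _run(argv, env=env)


def key_in_argv(argv, api_key):
    """Regression check: the secret must not appear in any argv element.
    Substring matching catches it even when embedded in a JSON blob."""
    return any(api_key in arg for arg in argv)


if __name__ == "__main__":
    key = "sk-constructed-0001"  # constructed sample value, not a real key
    ctx = {"event": "ping"}
    for name, report in (("before", launch_before(key, ctx)),
                         ("after", launch_after(key, ctx))):
        print(name, "key in argv:", key_in_argv(report["launched_argv"], key),
              "| key in env:", report["env_key"] is not None)
```

The `_base_env()` step matters in practice: copying `os.environ` and removing the variable first means a key set in the parent's shell cannot leak into a child that was supposed to run without one, which is the edge case the PR's third test covers.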

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
PHclaw seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@PHclaw PHclaw marked this pull request as draft April 28, 2026 08:30
@PHclaw PHclaw marked this pull request as ready for review April 28, 2026 08:30

PHclaw commented Apr 29, 2026

Hi maintainers! I'd like to sign the CLA for this PR. Could someone point me to the CLA signing page? The cla-assistant.io link in the bot comment doesn't seem to redirect to the signing form.

Thanks for reviewing!

Development

Successfully merging this pull request may close these issues.

security(cli): telemetry child processes expose Mem0 API keys via argv