Fix nixos-rebuild permission issue by running as root directly

Remove sudo -u cm wrapper that was causing git repository ownership
mismatch. Now cm-agent runs nixos-rebuild directly as root, avoiding
the ownership conflict between cm-agent (git clone) and cm user.

Updated sudo rules to allow cm-agent -> root nixos-rebuild access.

agent/src/agent.rs

@@ -300,8 +300,6 @@ impl Agent {
         let rebuild_result = if git_result.is_ok() {
             info!("Git repository ready, executing nixos-rebuild");
             tokio::process::Command::new("sudo")
-                .arg("-u")
-                .arg("cm")
                 .arg("/run/current-system/sw/bin/nixos-rebuild")
                 .arg("switch")
                 .arg("--flake")