fix: replace 'source .env' with safe env loader in all scripts

The raw 'source .env' pattern breaks when values contain special bash
characters like ) in passwords or database URLs. This caused deploy:remote
to fail with 'syntax error near unexpected token )'.

Changes:
- Created shared/scripts/lib/load-env.sh: reads .env line-by-line with
  export instead of source, safely handling special characters
- Updated db-backup.sh, db-restore.sh, deploy-remote.sh, remote.sh to
  use the shared loader
- Reordered deploy-remote.sh: git pull now runs first (step 1) so the
  remote always has the latest scripts before running backup (step 2)

shared/scripts/remote.sh

@@ -9,12 +9,10 @@
 # Usage: ./remote.sh
 # =============================================================================
 
-# Load environment variables
-if [ -f .env ]; then
-  set -a
-  source .env
-  set +a
-fi
+# Load environment variables safely
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/lib/load-env.sh"
+load_env
 
 if [ -z "$VPS_HOST" ] || [ -z "$VPS_USER" ]; then
   echo "Error: VPS_HOST and VPS_USER must be set in .env"