[small ops safety] Improve operator safety for generated .env files

[failuresmith]

Summary

• adk create always writes a .env file.
• The scaffold now also creates or updates .gitignore with .env.
• Existing .gitignore entries are preserved, and .env is not duplicated.

Why

If ADK creates .env by default, it should also ignore that file by default. This avoids relying on operator accuracy for a predictable secret-handling risk.

Testing

• PYTHONPATH=src pytest tests/unittests/cli/utils/test_cli_create.py
• PYTHONPATH=src pytest tests/unittests/cli/utils/test_cli_tools_click.py::test_cli_create_cmd_invokes_run_cmd tests/unittests/cli/test_cli_tools_click_option_mismatch.py::test_adk_create
• Manual smoke test: adk create l1 generated .gitignore containing .env

Notes

• git diff --check passed.
• pyink and isort were not available in the current uv environment, so formatter checks could not be run locally.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[adk-bot]

Hello @failuresmith, thank you for your contribution!

Before we can merge this PR, could you please sign the Contributor License Agreement (CLA)? You can find more information at https://cla.developers.google.com/.

Also, for new features and fixes, we require an associated GitHub issue. Could you please create an issue for this change and link it to this PR?

Thanks for your help!

Response from ADK Triaging Agent