## Context

The `roles/trojan/tasks/main.yml` playbook downloads a trojan-go zip archive to `/tmp/trojan-go.zip`, then attempts to extract it using `ansible.builtin.unarchive` with `dest: /tmp/trojan-go-extract/`. The Ansible `unarchive` module requires the destination directory to already exist on the remote host — it does not create it automatically. No task in the playbook creates this directory, causing a fatal failure on line 23.

## Goals / Non-Goals

**Goals:**
- Ensure `/tmp/trojan-go-extract/` exists before the unarchive task runs
- Keep the fix minimal — no architectural changes

**Non-Goals:**
- No changes to version, download URL, or extraction logic
- No refactoring of surrounding tasks

## Decisions

Add an `ansible.builtin.file` task with `state: directory` immediately before the existing unarchive task (line 23). This is the most direct fix and matches the pattern already used elsewhere in the same playbook (e.g., line 9-15 for the config directory).

Alternatives considered:
- Use `unarchive` with a different dest that already exists (e.g., `/tmp/`): would pollute `/tmp` with extra files and require filtering logic.
- Add `create_dest: yes`-style parameter: no such parameter exists in Ansible's `unarchive` module.

## Risks / Trade-offs

- [Leftover /tmp directory on failure] → The cleanup task at line 46-52 already removes `/tmp/trojan-go-extract` on success. On failure mid-playbook, the directory persists but `/tmp` is volatile and cleaned on reboot.