fix(security): harden exec permissions and remove dangerous defaults

[OliviaPp8]

Summary

This PR addresses several security concerns identified in a code audit:

Changes

1. Restore command substitution blocking in patch 001

   • Keep \\ and backticks blocked to prevent arbitrary code execution
   • Still allow useful operators: &&, ||, ;, <, >\

2. *Change IT Engineer from \security: full\ to \security: allowlist*

   • Add comprehensive \exec-approvals.json\ with sysadmin commands
   • Enable \�sk: on-miss\ for user confirmation on unlisted commands

3. Remove dangerous browser defaults

   • Remove \dangerouslyAllowPrivateNetwork: true\ (SSRF risk)
   • Remove \�llowRfc2544BenchmarkRange: true\

4. Add security documentation

   • New \docs/SECURITY.md\ explaining the tier system
   • Document rationale for security decisions

Rationale

Issue	Risk	Fix
Command substitution allowed	Arbitrary code execution via allowlist bypass	Block \\ and backticks
IT Engineer \security: full\	Prompt injection → full system access	Use allowlist + ask
Private network browser access	SSRF attacks on internal services	Remove from defaults

Breaking Changes

• IT Engineer may prompt for confirmation on some commands (previously ran everything silently)
• Browser cannot access private IPs by default (users can re-enable if needed)

Testing

• Verify IT Engineer can still perform common sysadmin tasks
• Confirm command substitution is properly blocked
• Test that allowed operators (&&, ||, etc.) still work

/cc @MilkWind

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}