
Commit e269c7b

SmartBrandStrategies, kovermier and claude authored
fix(security): remove shell injection surface and block directory traversal (#47)
Closes #43: Remove shell: true from runGit() in git-helpers.ts. Node.js resolves the git binary via PATH directly without a shell on WSL, Linux, macOS, and Windows. shell: true is unnecessary and allows shell metacharacters in args to be interpreted as shell syntax.

Closes #42: Validate module paths in adf create before path.join. Paths containing ".." or absolute paths are rejected with a clear error. A secondary resolved-path check confirms the final path stays within the .ai/ directory, guarding against platform-specific bypass patterns.

Co-authored-by: Kevin Overmier <kovermier@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent fc80e4a commit e269c7b
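
The two-stage module path check that the commit message describes for #42, written out as an added example. This is not the commit's own code: `resolveModulePath`, `audit`, `AI_DIR` and the sample paths are hypothetical names and constructed inputs.

```javascript
// Added illustration, not the project's code. All names here are hypothetical.
const path = require("node:path");

const AI_DIR = ".ai"; // directory named in the commit message

function resolveModulePath(projectRoot, modulePath) {
  if (typeof modulePath !== "string" || modulePath.length === 0) {
    throw new Error("module path must be a non-empty string");
  }
  // Check 1a: reject absolute paths in POSIX and Windows form, whatever the host OS.
  if (path.posix.isAbsolute(modulePath) || path.win32.isAbsolute(modulePath)) {
    throw new Error(`absolute module path rejected: ${modulePath}`);
  }
  // Check 1b: reject any ".." segment, splitting on both separators.
  if (modulePath.split(/[\\/]+/).includes("..")) {
    throw new Error(`".." segment rejected: ${modulePath}`);
  }
  // Check 2: resolve the final path and confirm it is still inside .ai/.
  // This is what catches forms the textual checks miss on a given platform
  // (for example a drive-relative "C:name" on Windows).
  const base = path.resolve(projectRoot, AI_DIR);
  const target = path.resolve(base, modulePath);
  const rel = path.relative(base, target);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) { // "" means the input resolved to .ai/ itself
    throw new Error(`module path escapes ${AI_DIR}/: ${modulePath}`);
  }
  return target;
}

// Constructed sample inputs: two ordinary paths, then traversal and absolute forms.
const SAMPLES = ["core/rules.md", "..notes/a.md", "../secrets", "a/../../b",
  "core\\..\\..\\x", "/etc/passwd", "C:\\Windows\\win.ini", "."];

// Run every input through the validator and record the outcome.
function audit(projectRoot, inputs) {
  return inputs.map((input) => {
    try {
      return { input, ok: true, resolved: resolveModulePath(projectRoot, input) };
    } catch (err) {
      return { input, ok: false, reason: err.message };
    }
  });
}
```

The containment test compares whole path segments, so a directory whose name merely begins with two dots (`..notes`) is still accepted.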
