fix(p0): close governance fail-open vulnerabilities

[jpleva91]

Summary

Fixes all 3 P0 governance security bugs plus 2 closely related P1s. These were blocking the dogfood run and represent actual security correctness holes in the enforcement runtime.

• bug: govern-shell.sh — unescaped $COMMAND in printf creates malformed JSON, silently defaults to allow #75 fix (govern-shell.sh): Replace printf injection with jq --arg for safe JSON construction
• bug: govern-shell.sh uses fragile sed to parse JSON — denial reason extraction can fail silently #67 fix (govern-shell.sh): Replace fragile sed output parsing with jq; fail-closed on governance unavailable
• bug: cmdEvaluate silently ignores JSON unmarshal error — governance bypass #62 fix (main.go): cmdEvaluate fails-closed on JSON unmarshal error and stdin read error
• Critical: bounded-execution policy denies ALL run_shell calls in enforce mode #58 fix (engine.go): Wildcard command:* policy with no args_contain no longer matches every run_shell call
• bug: governance policy gap — plain rm and rm -r not blocked by no-destructive-rm #69 + agentguard.yaml: misleading comment says 'monitor' but mode is 'enforce' #59 fix (agentguard.yaml): Block all rm (not just -rf/-fr); fix misleading mode comment

Test plan

• go build ./cmd/shellforge/ passes (verified locally)
• shellforge evaluate with malformed JSON returns {"allowed":false}
• govern-shell.sh -c 'echo "hello"' correctly evaluates without JSON corruption
• govern-shell.sh -c 'rm file.txt' is denied by updated rm policy
• Bounded-execution monitor policy no longer matches every run_shell call
• plain rm is now denied by no-destructive-rm

Closes #58, #59, #62, #67, #69, #75

Generated with Claude Code