fix: validate path_script env vars and output to prevent shell injection

[kexi]

Summary

Defense-in-depth hardening of the path_script execution path so that user-controlled values (branch name, repo name, etc.) cannot smuggle shell metacharacters into a naively written script.

The executePathScript function previously passed VIBE_BRANCH_NAME, VIBE_REPO_NAME, VIBE_SANITIZED_BRANCH, and VIBE_REPO_ROOT to a user script without validation. A branch name containing newlines, NULs, or shell metacharacters could be exploited when the script's author forgot to double-quote variables (or used eval).

Three layers added:

Layer	Where	Action
1	All four VIBE_* fields	Hard-reject ASCII control chars (\x00-\x1f\x7f) with a hex-encoded error
2	branch / repo / sanitizedBranch fields	Warn (don't block) on shell metacharacters ($, `, ;, `
3	Script stdout (pre-trim)	Hard-reject control chars; allow exactly one trailing newline

A new buildPathScriptEnv collector centralises env construction so adding a future VIBE_* field automatically routes through validation. Layer 3 explicitly excludes path-traversal semantics (tracked separately in #419).

User-facing security guidance is added to vibe-toml.mdx (en/ja).

Fixes #415

Test Plan

• Added 32 unit tests in packages/core/src/utils/worktree-path-validation.test.ts covering control-char boundaries (\x1f/\x20/\x7e/\x7f), metachar detection, dedup keys, output validation (leading/trailing newline edge cases)
• Added 10 integration tests in packages/core/src/utils/worktree-path.test.ts covering control-char rejection per field, metachar warnings across multiple fields, dedup behaviour, and stdout rejection
• All 49 worktree-path tests pass; full pnpm run check:all passes (451 tests, lint, typecheck, docs, video)

Checklist

• Tests added/updated
• pnpm run check:all passes
• Docs updated (if needed)

Fixes #415