[feat] --dangerously-allow-all + make --allow-cmd actually execute (STAR-55)

[vt128]

What

Two fixes to host command execution, from the v0.2 capability review:

1. --allow-cmd was a no-op for execution. starcli built cmd via cmd.NewModule() (disabled), so run() always returned "command execution is disabled" even with the flag. It now builds cmd via cmd.NewModuleWithAllowAll() (starpkg/cmd v0.1.1) when execution is granted — so --allow-cmd actually runs commands.
2. New --dangerously-allow-all — one flag opens network + filesystem + host command execution of any command (Claude-Code-style "trust everything").

Capability model

The grant gains a separate execCmd lever; allowCmd still gates loading. Command execution is off in the open posture and under a bare tier — it turns on only with --allow-cmd or --dangerously-allow-all. So a no-flag run still loads cmd (which() works) but run() stays disabled: no surprise process spawning by default. cmd stays argv-only + input-hardened by the module (the allow-all escape hatch only skips the allowlist, never the sanitization).

invocation	cmd loads?	run() executes?
(default open)	yes	no (disabled)
--caps full	no (withheld)	no
--allow-cmd	yes	yes (any command)
--dangerously-allow-all	yes (+ net/fs)	yes (any command)

Changes

• capability.go: capGrant.execCmd; grantFromFlags(..., dangerous); open posture loads cmd but leaves execCmd off.
• box.go: thread grant.execCmd into BoxOpts; mods.go: cmd built enabled iff execCmd.
• args.go: the --dangerously-allow-all flag.
• tests: TestGrantExecCmd (the lever) + TestProcess_CmdExecution_EndToEnd (default disabled / --allow-cmd runs / --dangerously-allow-all opens net+cmd).
• go.mod: starpkg/cmd v0.1.0 → v0.1.1.
• README.md: capability section + --help snapshot.

Verification

• Full -race green; Docker golang:1.25 (go floor) green; gofmt/vet clean.

Tracks STAR-55 (under STAR-53). Depends on starpkg/cmd#17 (merged, tagged v0.1.1).