Harden allowedTools parser and git push wrapper

[samanmohamadamin90]

Summary

This PR hardens the security model around tool parsing and git push execution.

Changes

• Hardened parseAllowedTools() against:

  • wildcard tool permissions
  • malformed escaping
  • duplicate flag abuse
  • missing values

• Added stricter validation for:

  • --allowedTools
  • --allowed-tools

• Improved test coverage for parser edge cases.

• Hardened git-push.sh wrapper to restrict push behavior and reduce abuse surface.

Validation

• All tests passing:

  • 691 passing
  • 0 failing

• TypeScript typecheck passes successfully.