Security audit: IPC path validation hardening #54

@yoziv

This is a tracking issue for security hardening of IPC handlers identified during a security audit.

Findings:

  1. shell.openPath accepts arbitrary paths (RCE risk)
  2. FILE_READ/FILE_LIST have no path confinement
  3. CONFIG_SET can bypass PTY shell allowlist
  4. PTY keystroke preview logged to disk
  5. git-diff-service path traversal
  6. TMAX_UPDATE_TEST_URL not gated for production
  7. npm postinstall downloads without integrity verification

PR with fixes for items 1-6 incoming.
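
Findings 2 and 5 both come down to confining a path received over IPC to an allowed root directory. One way to write that check in Node.js, as an added example that is not the project's code or the contents of the PR: `confinePath`, `verdict`, `buildFixture` and the directory names are hypothetical, and the fixture is constructed.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Hypothetical helper: return the real path of `requested` only if it lies inside `root`.
function confinePath(root, requested) {
  if (typeof requested !== "string" || requested.includes("\0")) {
    throw new Error("invalid path");
  }
  const realRoot = fs.realpathSync(root);
  let real;
  try {
    // realpath resolves ".." and symlinks, so the check below sees the final target.
    real = fs.realpathSync(path.resolve(realRoot, requested));
  } catch {
    throw new Error("path not found");
  }
  // Compare by path segment, not by string prefix: ".../workspace-evil" starts
  // with ".../workspace" but is not inside it.
  const rel = path.relative(realRoot, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes root");
  }
  return real;
}

// Verdict a handler could act on: "ok" or the rejection reason.
function verdict(root, requested) {
  try {
    confinePath(root, requested);
    return "ok";
  } catch (err) {
    return err.message;
  }
}

// Constructed fixture: an allowed root, a sibling with a similar name, a symlink out.
function buildFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ipc-confine-"));
  const root = path.join(base, "workspace");
  const sibling = path.join(base, "workspace-evil");
  for (const dir of [root, sibling]) fs.mkdirSync(dir);
  fs.writeFileSync(path.join(root, "notes.txt"), "inside");
  fs.writeFileSync(path.join(sibling, "secret.txt"), "outside");
  fs.symlinkSync(sibling, path.join(root, "link"));
  return { root, sibling };
}

const demoFx = buildFixture();
for (const p of ["notes.txt", "../workspace-evil/secret.txt", "link/secret.txt"]) {
  console.log(p, "->", verdict(demoFx.root, p));
}
```

Because the check requires the target to exist, it suits read and list handlers; a write handler would need to confine the parent directory instead.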
