
Fix terminal command substitution quote handling #12429

Open
pragnyanramtha wants to merge 1 commit into continuedev:main from pragnyanramtha:codex/terminal-security-command-substitution-quotes

Conversation

@pragnyanramtha pragnyanramtha commented May 17, 2026

Description

Fixes command-substitution scanning in @continuedev/terminal-security so it follows shell quoting rules more closely:

  • ignores $() and backticks when they are literal text inside single quotes
  • keeps command-substitution detection active inside double quotes
  • evaluates nested commands inside process substitutions such as <(...)
  • treats process-substitution-looking text inside double quotes as literal text

This avoids unnecessary permission prompts for safe commands like echo 'literal $(name)' while preserving and tightening detection for executable substitutions.

AI Code Review

  • Team members only: AI review runs automatically when PR is opened or marked ready for review
  • Team members can also trigger a review by commenting @continue-review

Checklist

  • I've read the contributing guide
  • The relevant docs, if any, have been updated or created
  • The relevant tests, if any, have been updated or created

Screen recording or screenshot

N/A - terminal-security unit test coverage only.

Tests

  • npx vitest run test/terminalCommandSecurity.test.ts -t "Subshell and Command Substitution"
  • npm test
  • npm run build
  • git diff --check

Summary by cubic

Fixes command-substitution detection in @continuedev/terminal-security to follow shell quoting rules. Reduces false permission prompts while tightening detection for nested and process substitutions.

  • Bug Fixes
    • Ignore $() and backticks inside single quotes; keep detection inside double quotes.
    • Detect nested substitutions and process substitutions like <(...)/>(...), but treat them as literal inside double quotes.
    • Replace naive checks with scanCommandSubstitutions, findClosingBacktick, and findClosingParen for quote- and escape-aware parsing.
    • Expand tests to cover single vs. double quotes and process substitution scenarios.

Written for commit a1402d4. Summary will update on new commits. Review in cubic
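The quoting rules listed in the description above, worked into a small scanner as an added example. This is not the @continuedev/terminal-security code from this PR: the names scanCommandSubstitutions, findClosingParen and findClosingBacktick are taken from the cubic summary, but the implementation, the Substitution type, needsSubstitutionPrompt and the sample commands are this example's own assumptions.

```typescript
// Added example, not the @continuedev/terminal-security implementation.
// Finds every command substitution a POSIX shell would execute, honouring
// single quotes, double quotes and backslash escapes.

export type SubstitutionKind = "dollar-paren" | "backtick" | "process";

export interface Substitution {
  kind: SubstitutionKind;
  body: string;  // text between the delimiters
  start: number; // index of the opening "$", "`", "<" or ">"
  end: number;   // index of the closing ")" or "`" (cmd.length if unterminated)
}

// Index of the ")" matching the "(" at openIdx, or -1 if unbalanced. The body
// starts a fresh quoting context, so quoted text and escapes inside it cannot
// close it, and nested parentheses are balanced.
export function findClosingParen(cmd: string, openIdx: number): number {
  let depth = 0;
  let quote: string | null = null;
  for (let i = openIdx; i < cmd.length; i++) {
    const ch = cmd[i];
    if (quote === "'") {
      if (ch === "'") quote = null;
    } else if (ch === "\\") {
      i++; // escaped character (outside single quotes): skip it
    } else if (quote === '"') {
      if (ch === '"') quote = null;
    } else if (ch === "'" || ch === '"') {
      quote = ch;
    } else if (ch === "(") {
      depth++;
    } else if (ch === ")" && --depth === 0) {
      return i;
    }
  }
  return -1;
}

// Index of the backtick closing the one at openIdx, or -1. Backticks do not
// nest and quotes do not hide them; only "\`" is an escaped backtick.
export function findClosingBacktick(cmd: string, openIdx: number): number {
  for (let i = openIdx + 1; i < cmd.length; i++) {
    if (cmd[i] === "\\") i++;
    else if (cmd[i] === "`") return i;
  }
  return -1;
}

// Collect substitutions, including ones nested inside another substitution.
// An unterminated substitution is reported with end === cmd.length, so the
// scanner errs on the side of flagging rather than ignoring.
export function scanCommandSubstitutions(cmd: string): Substitution[] {
  const found: Substitution[] = [];
  let quote: string | null = null;

  const record = (kind: SubstitutionKind, start: number, bodyStart: number, close: number): number => {
    const end = close === -1 ? cmd.length : close;
    const body = cmd.slice(bodyStart, end);
    found.push({ kind, body, start, end });
    for (const n of scanCommandSubstitutions(body)) {
      found.push({ ...n, start: n.start + bodyStart, end: n.end + bodyStart });
    }
    return end + 1;
  };

  let i = 0;
  while (i < cmd.length) {
    const ch = cmd[i];
    if (quote === "'") {                 // single quotes: everything is literal
      if (ch === "'") quote = null;
      i++;
    } else if (ch === "\\") {            // "\$(" and "\`" are literal text
      i += 2;
    } else if (ch === '"') {
      quote = quote === '"' ? null : '"';
      i++;
    } else if (ch === "'" && quote === null) {
      quote = "'";
      i++;
    } else if (ch === "$" && cmd[i + 1] === "(") {     // $(...) runs even inside double quotes
      i = record("dollar-paren", i, i + 2, findClosingParen(cmd, i + 1));
    } else if (ch === "`") {                            // `...` runs even inside double quotes
      i = record("backtick", i, i + 1, findClosingBacktick(cmd, i));
    } else if ((ch === "<" || ch === ">") && cmd[i + 1] === "(" && quote === null) {
      i = record("process", i, i + 2, findClosingParen(cmd, i + 1)); // literal inside double quotes
    } else {
      i++;
    }
  }
  return found;
}

// The decision a permission gate would make: prompt only when something would execute.
export function needsSubstitutionPrompt(cmd: string): boolean {
  return scanCommandSubstitutions(cmd).length > 0;
}

// Constructed sample commands (not from the PR) paired with the expected decision.
export const SAMPLES: Array<[string, boolean]> = [
  ["echo 'literal $(name)'", false],
  ["echo \"today is $(date)\"", true],
  ["echo \"\\$(not run)\"", false],
  ["echo \"<(not a substitution)\"", false],
  ["diff <(ls a) <(ls b)", true],
  ["cat <(echo $(whoami))", true],
];
```

Two deliberate simplifications: arithmetic expansion `$((1+2))` is reported as a command substitution (the conservative choice for a permission gate), and an escaped nested backtick inside a backtick body is not descended into, which does not matter for the prompt decision because the enclosing backtick substitution is already flagged.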


github-actions Bot commented May 17, 2026

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@pragnyanramtha pragnyanramtha marked this pull request as ready for review May 17, 2026 03:48
@pragnyanramtha pragnyanramtha requested a review from a team as a code owner May 17, 2026 03:48
Copilot AI review requested due to automatic review settings May 17, 2026 03:48
@dosubot dosubot Bot added the size:L This PR changes 100-499 lines, ignoring generated files. label May 17, 2026

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 2 files

pragnyanramtha (Author) commented

I have read the CLA Document and I hereby sign the CLA
