fix: improve acl exploit routing and certipy_shadow hash handling #284

Merged
l50 merged 1 commit into feat/more-attack-cov from feat/dreadgoad-certipy-shadow-password
May 12, 2026
Conversation

@l50 (Contributor) commented May 12, 2026

Key Changes:

  • Improved dispatch logic to route ACL-style vulnerabilities to the correct worker
  • Fixed certipy_shadow to ignore empty hashes and correctly fall back to passwords
  • Enhanced documentation and input validation for Certipy Shadow tool schema
  • Added comprehensive tests for ACL-type detection and certipy_shadow argument handling

Added:

  • ACL-style vulnerability detection - Introduced is_acl_style_vuln_type helper to match both bare and prefixed forms of ACL exploitation primitives in task_builders.rs
  • Unit tests for ACL-style vuln type detection, covering both matching and rejection cases in task_builders.rs
  • Unit tests for certipy_shadow argument handling, including scenarios with empty hashes and valid hashes in adcs.rs

Changed:

  • Exploit dispatch logic - Refactored dispatcher to use is_acl_style_vuln_type to select the correct worker (acl vs privesc) based on the vulnerability type when recommended_agent is empty, ensuring ACL primitives are handled by the right agent
  • Certipy Shadow input schema and documentation - Clarified that exactly one of password or hashes should be provided, and that empty strings must be omitted, in both the tool description and field descriptions in adcs.rs
  • certipy_shadow argument parsing - Updated to treat empty string hashes as missing, ensuring the password fallback triggers and preventing invalid empty values from being passed to certipy in adcs.rs

Removed:

  • Legacy role inference relying solely on the privesc default for exploit tasks in task_builders.rs; now dynamically chooses between acl and privesc based on vuln type

**Added:**

- Added `is_acl_style_vuln_type` function to identify ACL-related vulnerability types and route them to the appropriate worker
- Added tests for `is_acl_style_vuln_type` to ensure correct matching of both bare and prefixed forms, as well as rejection of non-ACL types

**Changed:**

- Updated exploit task submission logic to use `acl` worker for ACL-style vulnerabilities when `recommended_agent` is empty, improving toolchain compatibility and reducing failed exploit attempts

@codecov codecov Bot commented May 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (feat/more-attack-cov@9de852d). Learn more about missing BASE report.

Additional details and impacted files

@@                   Coverage Diff                   @@
##             feat/more-attack-cov     #284   +/-   ##
=======================================================
  Coverage                        ?   76.35%           
=======================================================
  Files                           ?      432           
  Lines                           ?   113169           
  Branches                        ?        0           
=======================================================
  Hits                            ?    86407           
  Misses                          ?    26762           
  Partials                        ?        0           

| Files with missing lines | Coverage Δ |
|---|---|
| ...s-cli/src/orchestrator/dispatcher/task_builders.rs | 69.86% <100.00%> (ø) |
@l50 l50 merged commit 53771f6 into feat/more-attack-cov May 12, 2026
11 checks passed
@l50 l50 deleted the feat/dreadgoad-certipy-shadow-password branch May 12, 2026 23:50