feat: add 'Copy Scaffolding' dropdown with shell command generator #53
Pull request overview
Adds a new “Copy Scaffolding” option to generate and copy a shell command that recreates the current .devcontainer file set, integrating it into the editor actions, tabs UI, and command palette.
Changes:
- Added a new `copyOneLiner()` action + `oneLinerStatus` state to `useEditorActions`.
- Replaced the single "Copy" button with a "Copy Options" dropdown in `EditorTabs` (Copy active file vs. Copy scaffolding).
- Wired the new action/status through `App.vue`, including a new command palette action.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/composables/useEditorActions.ts | Implements the shell command generator and exposes new status/action. |
| src/components/layout/EditorTabs.vue | Adds the Copy dropdown UI and new one-liner emit path. |
| src/App.vue | Passes new props/handlers and registers a command palette action for it. |
Reviewed snippet in `src/composables/useEditorActions.ts`:

```ts
const files = allFiles.value;
const fileNames = Object.keys(files);

let command = "mkdir -pv .devcontainer";

const fileCommands = fileNames.map((name) => {
  const content = files[name].content;
  // Use a quoted heredoc (<< 'EOF') to prevent shell expansion
  return `cat << 'EOF' > .devcontainer/${name}\n${content}\nEOF`;
});
```
The generated shell command is unsafe with untrusted `presetFiles` names/content coming from share URLs. File names are interpolated into the redirection path unquoted (`> .devcontainer/${name}`), which enables command injection if `name` contains shell metacharacters/newlines; and using a fixed heredoc delimiter (`EOF`) can be prematurely terminated if file content contains a line equal to `EOF`, causing subsequent lines to be executed as shell commands. Mitigation: strictly validate/normalize allowed file names (e.g., reject path separators/whitespace/control chars), quote the output path, and use a per-file delimiter guaranteed not to appear in the content (or switch to a base64/printf-based approach that avoids heredocs entirely). Also consider creating parent directories for any nested paths if they are allowed.
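A hardened form of the generator along the lines the comment above suggests, as an added example rather than code from this PR: file names are allow-listed, the redirection target is single-quoted for POSIX sh, and each file gets a heredoc delimiter chosen so that no line of its content can terminate the heredoc early. The `ScaffoldFiles` type and all function names are assumptions.

```typescript
// Added example (not code from the PR): a hardened version of the scaffolding
// command generator. ScaffoldFiles and all function names are assumptions.
type ScaffoldFiles = Record<string, { content: string }>;

// Only plain file names: no "/" or "\", no whitespace or control characters.
// "." and ".." are rejected separately so the target cannot leave .devcontainer.
const SAFE_NAME = /^[A-Za-z0-9._-]{1,128}$/;

function assertSafeFileName(name: string): void {
  if (!SAFE_NAME.test(name) || name === "." || name === "..") {
    throw new Error(`unsafe scaffold file name: ${JSON.stringify(name)}`);
  }
}

// Single-quote for POSIX sh: each embedded ' becomes '\'' (close, escaped quote, reopen).
function shellQuote(s: string): string {
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// A quoted heredoc ends at the first line that equals the delimiter exactly,
// so pick a delimiter that does not occur as a whole line in the content.
function pickDelimiter(content: string): string {
  const lines = content.split("\n");
  let delim = "DEVCONTAINER_EOF";
  for (let n = 1; lines.includes(delim); n++) {
    delim = `DEVCONTAINER_EOF_${n}`;
  }
  return delim;
}

// Builds the multi-line shell command that recreates the .devcontainer file set.
function buildScaffoldCommand(files: ScaffoldFiles): string {
  const parts = ["mkdir -p .devcontainer"];
  for (const name of Object.keys(files)) {
    assertSafeFileName(name);
    const content = files[name].content;
    const delim = pickDelimiter(content);
    const target = shellQuote(`.devcontainer/${name}`);
    // Delimiter is quoted so nothing in the body is expanded; target is quoted too.
    parts.push(`cat << '${delim}' > ${target}\n${content}\n${delim}`);
  }
  return parts.join("\n");
}
```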