[Phase 7A] Input hardening: CSI drain, F1–F12, modifier+arrow sequences

[fissible]

What

Harden input handling in src/input.sh and src/keymap.sh:

1. Generic CSI drain path — when shellframe_read_key encounters an unrecognized ESC sequence, drain remaining CSI bytes (up to a final byte in @A-Za-z) to prevent buffer leakage corrupting subsequent key reads.
2. F1–F12 constants + recognition — add SHELLFRAME_KEY_F1–SHELLFRAME_KEY_F12 constants and handle them in shellframe_read_key. F1–F4 use SS3 sequences (\x1bOP–\x1bOS); F5–F12 use CSI sequences (\x1b[15~, \x1b[17~–\x1b[21~, \x1b[23~, \x1b[24~).
3. Modifier+arrow sequences — recognize \x1b[1;2A (Shift+Up), \x1b[1;3A (Alt+Up), \x1b[1;5A (Ctrl+Up) and the equivalent Down/Left/Right variants. Add named constants and handle in shellframe_read_key.

Files

• src/input.sh — extend shellframe_read_key CSI parsing
• src/keymap.sh — add new key constants; extend shellframe_keyname

Done criteria

• Unknown CSI sequences are drained, not leaked — confirm by injecting an unrecognized sequence and verifying the next key read is clean
• F1–F12 recognized and named correctly in shellframe_keyname
• Shift/Alt/Ctrl+arrow sequences recognized and named correctly
• Unit tests in tests/unit/test-input.sh + tests/unit/test-keymap.sh covering all new constants and drain behavior
• All existing assertions still pass

IO/timing note (CLAUDE.md §5)

The CSI drain path involves real terminal read timing. Do not rely on theoretical reasoning about when bytes arrive — write a test that injects a synthetic unrecognized sequence into a real bash process and confirms drain works correctly.

Effort

S (1–2h)

Deps

• [P2] Keyboard input mapping module #4 (keyboard input mapping) — closed, already in place
• Unblocks Phase 7C (mouse SGR parsing)

[fissible]

Implemented in commit 49cb53a. Added F1–F12 constants (SS3 and CSI variants), 12 modifier+arrow constants (Shift/Alt/Ctrl × Up/Down/Left/Right), keymap names for all new sequences, and explicit documentation of the CSI drain path. 61 new assertions (37 test-input.sh + 24 test-keymap.sh). 1136/1136 total unit assertions pass.