fix: warn when sudo password is ignored outside exec

[inureyes]

Summary

• Follow-up to fix: collect --password once up-front and honor -S consistently across subcommands #201 / fix: collect --password once up-front instead of per-connection; honor -S consistently across subcommands #200 after review of the merged implementation.
• Warn for -S on interactive shells, where automatic sudo-response injection is not implemented and the flag was previously silently ignored.
• Avoid collecting --password in dispatcher paths that do not create SSH connections (list, cache-stats) if dispatch_command() is called directly.
• Add dispatcher unit tests covering sudo/SSH password applicability decisions.

Review Notes

• Correctness: fix: collect --password once up-front and honor -S consistently across subcommands #201 correctly hoists SSH password collection and threads Arc<Password> through exec, ping, SFTP, interactive, jump-host, and legacy command paths. This PR closes the remaining applicability gap for ignored flags.
• Security: no new secret logging or command execution surface is introduced. The change reduces unnecessary secret collection on local-only paths.
• Performance: no hot-path overhead beyond small boolean helper checks before dispatch.

Test Plan

• cargo test --bin bssh dispatcher::tests
• cargo test --lib security::password
• cargo test --lib ssh::auth
• cargo test --lib jump::chain
• cargo test --lib
• cargo test --bin bssh
• cargo fmt --all -- --check
• cargo check --lib --bins --tests
• cargo clippy --lib --bins --tests -- -D warnings

[inureyes]

Review / Finalization Summary

Scope Reviewed

• Reviewed merged fix: collect --password once up-front and honor -S consistently across subcommands #201 against issue fix: collect --password once up-front instead of per-connection; honor -S consistently across subcommands #200 acceptance criteria: single up-front --password collection, shared password propagation through exec/ping/SFTP/interactive/jump-host paths, BSSH_PASSWORD handling, and -S ignored-flag behavior.
• Verified the implementation uses Password backed by secrecy::SecretString, redacts debug output at the wrapper layer, and threads credentials via Arc<Password> instead of prompting inside parallel per-node tasks.

Findings

• Correctness gap fixed here: -S was still silently ignored for interactive shells / SSH-mode no-command sessions, because sudo response injection only exists in exec streaming paths.
• Defensive cleanup fixed here: local-only dispatcher paths now avoid collecting an unused --password if dispatch_command() is invoked directly for list or cache-stats.
• CI-only issue fixed here: GitHub Actions uses a newer clippy that rejects an existing .chain(files.into_iter()) in the internal SFTP crate; the no-op conversion was removed.

Security Review

• No new credential logging or command execution surface introduced.
• The follow-up reduces unnecessary secret collection on local-only paths.
• Existing BSSH_PASSWORD env-var behavior remains documented as automation-only and discouraged for production.

Performance Review

• Dispatcher changes are constant-time flag checks before command routing.
• SFTP clippy fix is behavior-preserving and allocation-neutral.

Validation

• cargo test --bin bssh dispatcher::tests: passed
• cargo test --lib security::password: passed
• cargo test --lib ssh::auth: passed
• cargo test --lib jump::chain: passed
• cargo test --lib: passed (1233 passed, 9 ignored)
• cargo test --bin bssh: passed (51 passed)
• cargo fmt --all -- --check: passed
• cargo check --lib --bins --tests: passed
• cargo clippy --lib --bins --tests -- -D warnings: passed
• cargo clippy -- -D warnings: passed
• cargo test -p bssh-russh-sftp --lib: passed (5 passed)
• cargo test --tests --verbose -- --skip integration_test: passed
• GitHub Actions CI: passed
• GitHub license/cla: passed

Remaining Risk

• No unresolved review findings remain for fix: collect --password once up-front instead of per-connection; honor -S consistently across subcommands #200 / fix: collect --password once up-front and honor -S consistently across subcommands #201 follow-up.