
fix(security): pre-release security hardening #79

Merged: pmclSF merged 1 commit into main from fix/pre-release-security on Feb 27, 2026


pmclSF commented Feb 27, 2026

Summary

  • Command injection (BLOCKER): Replace exec() with execFile() in repoConverter.js to eliminate shell interpolation on git clone URLs; add validateRepoUrl() with protocol, structure, and metacharacter validation
  • Path traversal (BLOCKER): Apply existing safePath() to root and outputDir in handleAnalyze and handleConvert server handlers, returning 403 on escape attempts
  • CSRF protection: Generate per-session crypto.randomUUID() token at server startup; require X-Hamlet-Token header on all POST requests (401 on mismatch); expose token via /api/health for local client bootstrapping
  • Security headers: Set X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Referrer-Policy: no-referrer, Cache-Control: no-store, Content-Security-Policy: default-src 'none' on all responses; return 204 on OPTIONS preflight

Test plan

  • npm run format:check passes
  • npm run lint passes
  • npm test passes (726 suites, 2231 tests)
  • New validateRepoUrl tests cover valid URLs, injection payloads, null bytes, non-string input, unrecognized protocols, and malformed URLs
  • New server tests verify CSRF rejection (missing/wrong token), path traversal rejection (absolute/relative escapes on analyze and convert), security header presence, and OPTIONS preflight response
  • Manual: hamlet convert "https://github.com/x/y; touch /tmp/pwned" --from jest --to vitest → "Invalid repository URL" before any exec
  • Manual: curl -X POST http://127.0.0.1:<port>/api/analyze -d '{"root":"/etc"}' → 401 (missing token) or 403 (path outside root)

🤖 Generated with Claude Code

…sing headers

Replace exec() with execFile() in repoConverter to prevent shell injection
via malicious git URLs. Add validateRepoUrl() with protocol, structure, and
metacharacter checks. Apply safePath() to root/outputDir in server handlers
to block path traversal. Add per-session CSRF token required on all POST
requests. Set X-Content-Type-Options, X-Frame-Options, Referrer-Policy,
Cache-Control, and CSP headers on all responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
pmclSF merged commit debc311 into main Feb 27, 2026
6 checks passed
pmclSF deleted the fix/pre-release-security branch February 28, 2026 00:37
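
The Summary's command-injection item and the commit message describe swapping exec() for execFile() and adding validateRepoUrl() with protocol, structure, and metacharacter checks. The following is an added example, not the project's code: a hypothetical validator with those three checks plus the argv array handed to execFile. The accepted protocols, the length limit, the rejected character set, and the helper names isValidRepoUrl, gitCloneArgs and argvRoundTrip are assumptions.

```javascript
const { execFileSync } = require('node:child_process');

// Assumption: the page does not list the accepted protocols; these two are illustrative.
const ALLOWED_PROTOCOLS = new Set(['https:', 'ssh:']);
// Whitespace, control bytes (including NUL) and shell metacharacters.
const FORBIDDEN = /[\s;&|`$<>(){}\\'"!*\x00-\x1f\x7f]/;

// Hypothetical validator: returns the normalized URL or throws.
function validateRepoUrl(input) {
  const fail = () => { throw new Error('Invalid repository URL'); };
  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) fail();
  // Check the raw string first: new URL() silently strips tabs/newlines and
  // percent-encodes spaces, which would hide what the caller actually sent.
  if (FORBIDDEN.test(input)) fail();
  let url;
  try { url = new URL(input); } catch { fail(); }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) fail();
  // Structure: a host and at least owner/repo in the path.
  if (!url.hostname || url.pathname.split('/').filter(Boolean).length < 2) fail();
  return url.href;
}

function isValidRepoUrl(input) {
  try { validateRepoUrl(input); return true; } catch { return false; }
}

// Argument vector for execFile('git', ...). Each element reaches git as one argv
// entry; "--" ends option parsing so the URL is never read as a flag.
function gitCloneArgs(repoUrl, destDir) {
  return ['clone', '--', validateRepoUrl(repoUrl), destDir];
}

// Shows execFile semantics without needing git or network: a child Node process
// echoes its last argument. No shell runs, so metacharacters come back verbatim.
function argvRoundTrip(value) {
  const echo = 'process.stdout.write(process.argv[process.argv.length - 1])';
  return execFileSync(process.execPath, ['-e', echo, value], { encoding: 'utf8' });
}
```

Validation and execFile are independent layers: the validator rejects the input before any process starts, and execFile ensures that anything the validator misses still reaches git as a single argument instead of shell syntax.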