fix: critical patches for ssh signing, profile switching, and subdir support
This release addresses several critical issues discovered during E2E testing:
- **fix(exec):** Prevent crash in Exec Mode when using SSH signing.
- Sanitizer now resets `gpg.format` to "openpgp" and `gpg.ssh.program` to "ssh-keygen" instead of empty strings (which caused Git to exit with code 128).
- **fix(switch):** Correctly replace active profile instead of appending.
- Now cleans up existing Gosh include paths before adding the new one to prevent ambiguous identity resolution.
- **fix(core):** Support running Gosh from deep subdirectories.
- Replaced manual `.git` folder check with `git rev-parse` to correctly detect repository root.
- **security:** Hardened Blind Injection defaults to align with Git 2.52+ strictness.
This commit introduces the complete core logic for Gosh (Git Operations Shell),
providing a fail-safe mechanism for managing multiple Git identities.
Key features implemented:
- **Ephemeral Execution (Exec Mode)**: Uses `git -c` with blind injection to
sanitize the environment (clearing user/gpg keys) before injecting the
target profile. Zero disk modification.
- **Persistent Switching (Switch Mode)**: Modifies `.git/config` using
`[include]` directive. Supports `-f` force mode to strictly sanitize
legacy dirty configurations (removing user/gpg sections).
- **Setup Automation**: Handles `clone` and `init` by automatically inferring
directory names and applying the profile immediately.
- **Profile Management**: CRUD operations (-c, -r, -e, -l) for profiles.
- **Config**: XDG-compliant configuration with auto-initialization at
`~/.config/gosh/`.
- **Testing**: Comprehensive integration suite covering isolation, injection,
persistence, and sanitization logic.
Implements strict security boundaries defined in the PRD (Blacklist/Whitelist).
