…ent security hardening

Database Layer (Issue TruFoundation#24):
- Refactored _ensure_initialized() to use direct sqlite3.connect() instead of get_db_connection()
- Added global _INITIALIZED flag to prevent redundant table creation
- Separated _get_db_path() function to avoid circular dependencies
- Resolves RecursionError during shell startup or first DB access

OS Passthrough Security (Issue TruFoundation#19):
- Added 'import shlex' for safe command parsing
- Replaced subprocess.run(shell=True) with subprocess.run(shlex.split(), shell=False)
- Added validation to block pipes (|) and redirects (>, <) before execution
- Prevents shell injection vulnerabilities

Plugin System (Issue TruFoundation#10):
- Added @classmethod reset() to PluginManager for singleton reset during testing
- Created tests/conftest.py with autouse fixture for proper test isolation

Configuration Cleanup (Issue TruFoundation#6):
- Removed broken theme_engine plugin reference from plugins.md (path doesn't exist)

* fix: resolve critical windows compatibility and core stability issues

* testcommit

* fix: resolve infinite recursion in database initialization and implement security hardening

Database Layer (Issue #24):
- Refactored _ensure_initialized() to use direct sqlite3.connect() instead of get_db_connection()
- Added global _INITIALIZED flag to prevent redundant table creation
- Separated _get_db_path() function to avoid circular dependencies
- Resolves RecursionError during shell startup or first DB access

OS Passthrough Security (Issue #19):
- Added 'import shlex' for safe command parsing
- Replaced subprocess.run(shell=True) with subprocess.run(shlex.split(), shell=False)
- Added validation to block pipes (|) and redirects (>, <) before execution
- Prevents shell injection vulnerabilities

Plugin System (Issue #10):
- Added @classmethod reset() to PluginManager for singleton reset during testing
- Created tests/conftest.py with autouse fixture for proper test isolation

Configuration Cleanup (Issue #6):
- Removed broken theme_engine plugin reference from plugins.md (path doesn't exist)

* polish: improve UI, fix process management, and enhance help system

Process Management (Issue #11):
- Wrapped _run_external_command polling loop in try/finally block
- Ensures process.wait() is called in finally block to prevent zombie processes
- Gracefully handles psutil exceptions without losing process cleanup

UI/UX Improvements (Issues #12, #13):
- Fixed argv mutation in app_with_lower() - now creates sys.argv.copy() instead of mutating global
- Fixed Windows emoji crash in _prompt_command() - added try/except for UnicodeEncodeError
- Fallback to plain ASCII 'trushell> ' prompt when UTF-8 emojis fail on limited terminals

Readline & History Support (Issue #22):
- Added prompt_toolkit>=3.0.0 to dependencies in pyproject.toml
- Replaced input() with toolkit_prompt() in _prompt_command()
- Enables command history and tab completion on all platforms

Settings Data Integrity (Issue #15):
- Implemented dirty_settings dict to track all setting changes
- Added watch_value() handlers on Input/Select/Switch widgets
- _save_settings() now safely persists all changes without querying unmounted widgets
- Prevents data loss when switching categories without saving

Help System Enhancements (Issues #25, #27):
- run_help() now accepts command name argument
- Shows specific command docstrings when 'help <command>' is used
- Fixed typo in help text: 'showtask' → 'showtasks'
- Updated help message to indicate 'help <command>' is now available

---------

Co-authored-by: Akshaj Singhal <85437940+AkshajSinghal@users.noreply.github.com>