
chore(#153): extend Bash-write matcher beyond first-version coverage #155

Merged
atlas-apex merged 1 commit into me2resh:dev from atlas-apex:feature/GH-153-extend-bash-write-matcher
May 3, 2026


@atlas-apex

Collaborator

Summary

Extends _lib-detect-bash-write.sh (introduced in #152 for #151) with the matcher families that Rex's review flagged as missing from the first-version coverage. AgDR-0011 already frames the matcher table as a living list extended on observation; this PR walks the list.

  • File-moving builtins: cp, mv, rm, dd, install. Anchored at command-start. --help/--version and git rm/git mv are excluded so git rm src.txt and cp --help stay read-class.
  • Archive / network writes: tar -x / tar --extract, curl -o / --output, wget -O / --output-document. Flag-gated so tar -t (list), curl <url> (bare fetch), wget --help stay read-class.
  • Additional interpreters: perl -e and php -r keyword-gated like the existing python/node/ruby matchers; go run, deno run/deno script.ts, bun run/bun script.ts matched categorically as script runners.
  • Python helpers: pathlib.Path().touch(), shutil.copy*, shutil.move, os.rename added to the python -c and python-heredoc keyword list.
  • Heredoc variants for ruby and node — previously only python's heredoc form was matched.
  • Extractor extensions: cp/mv return the last positional arg; curl -o/--output and wget -O/--output-document return the file argument. go run/deno/bun/perl -e/php -r/tar -x return empty (caller gates categorically per AgDR-0011).

Refactored the matcher into one _bdw_match_<family> helper per family so future extensions land as additional helpers rather than additional if branches in one big function.

Testing

  • bash .claude/hooks/tests/test_detect_bash_write.sh: 86/0 (was 32/0 before #153). Includes ≥3 negative-class counterexamples for every new family: tar -t, tar --list, tar -tzf, cp --help, cp --version, rm --help, mv --version, git rm, git mv, curl -s url, curl bare, wget --help, wget bare, deno fmt, deno test, go build, go version, perl -v, php --version.
  • bash .claude/hooks/tests/test_require_active_ticket_bash.sh: 12/12 (regression check, unchanged).
  • No edits outside .claude/hooks/_lib-detect-bash-write.sh and .claude/hooks/tests/test_detect_bash_write.sh.

Glossary

| Term | Definition |
| --- | --- |
| Matcher family | One self-contained shape the detector looks for (redirection, tee, sed -i, file-mover, archive-extractor, …). Each is a separate _bdw_match_* helper. |
| Categorical match | A matcher that fires whenever the command shape is present, without inspecting payload contents. Used for go run, deno, bun where the script body could write but isn't visible to the detector. |
| Keyword-gated match | A matcher that requires both the interpreter shape (python -c, node -e, perl -e, …) AND a write-related keyword (writeFile, open(…, "w"), unlink, …) before firing. Reduces false positives on read-only one-liners. |
| Living list | AgDR-0011's framing of the matcher table as a list of patterns extended whenever a new bypass shape is observed in the wild, rather than a fixed-once-and-done specification. |
| False-negative preference | The tightness target the detector aims for: missing one obscure write pattern is acceptable; blocking a legitimate read-only command on a fresh-adopter test is not. |
| Bootstrap exemption | The .claude/session/active-bootstrap marker that lets /setup, /handover, /update, /split-portfolio write files without an active ticket. Orthogonal to this PR but the reason the matcher can be stricter without breaking first-run UX. |
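
The flag-gated, keyword-gated and categorical match classes described above, sketched as an added example that is not the project's _lib-detect-bash-write.sh code. The names classify_cmd, m and KW are hypothetical, and the patterns assume one simple command per call (no pipelines, redirection or heredocs).

```shell
#!/bin/sh
# Added illustration: classify_cmd, m and KW are hypothetical names, not the
# project's _bdw_match_* helpers. One simple command per call is assumed.

# Write-related keywords for interpreter one-liners (keyword-gated match).
KW='writeFile|unlink|\.touch\(|shutil\.(copy|move)|os\.rename|open\([^)]*,[[:space:]]*["'\'']w'

# m PATTERN: true when the command under test matches the extended regex.
m() { printf '%s\n' "$cmd" | grep -Eq -e "$1"; }

# classify_cmd COMMAND: prints "write" or "read".
classify_cmd() {
    cmd=$1
    # Exclusion: help/version probes stay read-class.
    if m '(^|[[:space:]])--(help|version)([[:space:]]|$)'; then echo read; return; fi
    # File movers, anchored at command start so "git rm" / "git mv" do not match.
    if m '^[[:space:]]*(cp|mv|rm|dd|install)([[:space:]]|$)'; then echo write; return; fi
    # Flag-gated: tar fires only on -x / --extract, never on -t (list).
    if m '^[[:space:]]*tar([[:space:]].*)?[[:space:]](--extract|-[A-Za-z]*x)'; then echo write; return; fi
    # Flag-gated: curl / wget fire only when an output file is named.
    if m '^[[:space:]]*curl([[:space:]].*)?[[:space:]](-o|--output)([[:space:]=]|$)'; then echo write; return; fi
    if m '^[[:space:]]*wget([[:space:]].*)?[[:space:]](-O|--output-document)([[:space:]=]|$)'; then echo write; return; fi
    # Keyword-gated: interpreter shape AND a write keyword must both be present.
    if m '^[[:space:]]*(python3?|node|ruby|perl|php)[[:space:]]+-[cer][[:space:]]' && m "$KW"; then
        echo write; return
    fi
    # Categorical: script runners whose payload the detector cannot see.
    if m '^[[:space:]]*(go|deno|bun)[[:space:]]+run([[:space:]]|$)'; then echo write; return; fi
    echo read
}
```

Checking the exclusions before the file-mover family is what keeps cp --help read-class, and the command-start anchor is what keeps git rm out of the rm match.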
