feat: integrate vet for secure script execution fallback

[scuba3198]

Closes #36

Description

This PR integrates vet into the tirith run execution pipeline to provide a seamless, secure fallback for shell script execution. When enabled, it replaces the default interactive prompt with an automatic handoff to vet, which provides its own diff inspection and interactive execution guard.

Changes Included

• Added use_vet_runner boolean to the Policy struct in .tirith/policy.yaml (default: false).
• Modified tirith-core/src/runner.rs to intercept script execution:
  • If use_vet_runner: true and vet is available in PATH, the script's origin URL is seamlessly passed into vet.
  • If use_vet_runner: true but vet is not installed, it safely warns the user and falls back to the default tirith warning system.
• Added which dependency to safely check for the vet binary.
• Updated cookbook.md with examples for enforcing vet via tirith configuration.
• Cleaned up several preexisting dead_code and unused_import warnings across webhook.rs, audit_upload.rs, and assets.rs to achieve a 0 warnings baseline because running cargo clippy --workspace --all-targets -- -D warnings (which is standard practice to ensure code quality) was failing my local builds due to these existing warnings, and I wanted to ensure my PR passed strict CI checks without introducing any new noise.

Testing

• cargo build and cargo fmt succeed with zero errors.
• cargo clippy --workspace --all-targets -- -D warnings finishes with zero warnings.
• cargo test --workspace fully succeeds (163/163 pass).
• Tested behavior manually on WSL to ensure proper handling of script execution, utilizing a file:// protocol injection to force 🦀 vet to audit the local cache and eliminate any TOCTOU race conditions.

Note

Delegate tirith-core::runner.run to external vet when policy use_vet_runner is true and a which-resolved vet binary is available

Add policy flag policy::Policy.use_vet_runner with #[serde(default)], pass cwd via tirith-core::runner::RunOptions, and conditionally invoke vet using a file:// URI for the cached script with fallback to existing execution; update CLI to set cwd and add docs for configuration in cookbook.md.

📍Where to Start

Start with the delegation path in tirith-core::runner::run in runner.rs.

^{Macroscope summarized c545532.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8ea66d1375

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".