fix(core): require approval for force delete on Windows

[hdcodedev]

What

Implemented detection for dangerous "force delete" commands on Windows to trigger the user approval prompt when --ask-for-approval on-request is set. This aligns Windows behavior with the existing safety checks for rm -rf on Linux.

Why

Fixes #8567 - a critical safety gap where destructive Windows commands could bypass the approval prompt. This prevents accidental data loss by ensuring the user explicitly confirms operations that would otherwise suppress the OS's native confirmation prompts.

How

Updated the Windows command safety module to identify and flag the following patterns as dangerous:

• PowerShell: Remove-Item (and aliases) when used with the -Force flag.
• CMD: del /f (force delete files).
• CMD: rd /s /q (recursive delete quiet).
  • Note: rd /s (without /q) is NOT flagged because it already natively prompts the user.

Testing

Added comprehensive unit tests covering:

• Remove-Item -Path 'test' -Recurse -Force (Exact reproduction case).
• del /f (Flagged).
• rd /s /q (Flagged).
• rd /s (Not flagged - confirms no false positives).
• Standard deletions without force flags.
• Verified with cargo test and cargo clippy.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[hdcodedev]

Merged latest main to pick up the lru advisory fix (RUSTSEC-2026-0002). cargo deny now passes.