Add guarded Git support to ds4-agent

[FabioMalpezzi]

This PR adds a native git tool to ds4-agent.

The goal is to let the agent inspect and manage the current repository without asking the model to synthesize shell commands for common Git workflows. The tool builds argv directly and never invokes Git through a shell.

Implemented actions include:

• inspection: info, status, changed_files, diff, log, show, ls_files, file_at_ref, blame, path_history
• branch/review helpers: remote_list, merge_base, merge_preview, rebase_preview
• guarded local changes: stage, unstage, commit, worktree_restore, switch, stash_*
• guarded remote/integration operations: fetch, push, merge, rebase, merge_abort, rebase_abort

Safety properties:

• no reset
• no clean
• no raw checkout
• no force push
• no delete refspecs
• merge is limited to --ff-only
• Git is run non-interactively with prompts/editors/askpass disabled
• every Git subprocess has a bounded timeout
• output is capped
• refs, remotes, paths, ranges, and messages are validated before invoking Git
• real mutating Git actions require interactive user approval before execution
• riskier actions also require an explicit model-visible confirm=true flag

The implementation is intentionally isolated in ds4_agent_git.c with a small integration surface in ds4_agent.c.

Tests added:

• command construction and read-only actions
• staging, unstaging, commit, restore, switch, stash, fetch/push, merge/rebase
• unsafe ref/refspec rejection
• required confirm=true guardrails
• non-interactive Git environment
• timeout handling with process-group kill

Validation run locally:

• ./tests/ds4_agent_git_test
• make test
• make cpu
• git diff --check