Run a shell command with the Workspace as the working directory.
Runs via a Port so a hung command can be killed on timeout (closing the port
terminates the spawned process — no orphan), unlike a blocking System.cmd/3. The
timeout is an open knob: context.bash_timeout_ms or config :pixir, :bash_timeout_ms
(default 120s).
v0.1 safety is confinement of the cwd only — a shell command can still reach beyond
it. The permission gate (ADR 0006) is the guard: under :ask, non-safe commands
prompt; under :read_only they are refused.