Address a code review of the git-hardening changes.
- single runRaw primitive: every git invocation funnels through it; run() is a
thin throw+trim wrapper; the two direct execFileAsync bypasses (commitRaw,
assertGitAvailable) removed; one unified error format
- `-c core.quotepath=false` is now the argv baseline for ALL commands (was only
listTrackedFiles) — removes the latent quoting asymmetry on ls-files -u /
diff --name-only; persisted LOCAL config (autocrlf/safecrlf/gpgsign/
attributesFile) kept as-is in ensureRepo
- preserve spawn-error message (ENOENT): use `||` not `??` (promisified execFile
sets stderr to "" on spawn failure)
- contextual error when pinning vault git config; module/vaultGitEnv docs corrected
- README: require a system git binary on PATH for local runs
- tests: --no-verify honored (failing pre-commit hook), vaultGitEnv pins,
core.attributesFile=/dev/null neutralization (593 green)
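
The `||` versus `??` point above, shown inside a single-primitive wrapper. This is an added example, not the project's code: the names `runRaw`, `run` and the `-c core.quotepath=false` baseline come from the commit message, while the function bodies, the `bin` option, the error layout and the two sample error objects are assumptions constructed for illustration.

```javascript
const { execFile } = require("node:child_process");
const { promisify } = require("node:util");
const execFileAsync = promisify(execFile);

// Baseline argv for every git command, as the commit message describes.
const BASELINE = ["-c", "core.quotepath=false"];

// Buggy variant: on spawn failure stderr is "" (not null/undefined), so `??`
// keeps the empty string and the ENOENT message is lost.
const detailNullish = (err) => String(err.stderr ?? err.message).trim();

// Fixed variant: `||` treats "" as absent and falls through to err.message.
const detailFalsy = (err) => String(err.stderr || err.message || "unknown error").trim();

// One error format for all callers (layout is an assumption of this example).
function formatGitError(args, err) {
  return `git ${args.join(" ")} failed (${err.code ?? "?"}): ${detailFalsy(err)}`;
}

// Single primitive: never throws, always reports what happened.
async function runRaw(args, { cwd, bin = "git" } = {}) {
  try {
    const { stdout, stderr } = await execFileAsync(bin, [...BASELINE, ...args], { cwd });
    return { ok: true, stdout, stderr };
  } catch (err) {
    return { ok: false, stdout: err.stdout ?? "", stderr: err.stderr ?? "",
             message: formatGitError(args, err) };
  }
}

// Thin throw+trim wrapper over runRaw.
async function run(args, opts) {
  const res = await runRaw(args, opts);
  if (!res.ok) throw new Error(res.message);
  return res.stdout.trim();
}

// Constructed error objects mimicking rejected execFile promises.
const spawnFailure = Object.assign(new Error("spawn git ENOENT"),
  { code: "ENOENT", stdout: "", stderr: "" });
const gitFailure = Object.assign(new Error("Command failed: git status"),
  { code: 128, stdout: "", stderr: "fatal: not a git repository\n" });
```
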