fix(tui): avoid clipboard helper path hijacking

[BunsDev]

Motivation

• Close a local code-execution vector where clipboard helpers were spawned by unqualified executable names (e.g. pbcopy, xclip, powershell) which can be hijacked by attacker-controlled current-directory/PATH entries.

Description

• Route all TUI copy paths to the shared clipboard writer by making copy_to_clipboard and try_copy_to_clipboard call crate::image_paste::write_clipboard_text instead of spawning bare helpers.
• Add resolver helpers in crates/tui/src/image_paste.rs: trusted_command_path (checks fixed system locations like /usr/bin and /usr/local/bin) and trusted_windows_powershell (resolves PowerShell under SystemRoot), and use those resolved paths when invoking external helpers.
• Replace direct Command::new("pbcopy"|"xclip"|"xsel"|"wl-paste"|"powershell") calls with invocations that prefer resolved, trusted absolute paths and skip helpers if none are found.
• Small cleanup: remove unused std::io::Write import in message_copy.rs and update related call sites in app.rs to use the centralized helper.

Testing

• Ran cargo check -p claurst-tui --no-default-features which completed successfully with one unrelated warning in rustle.rs.
• Ran git diff --check (no new issues introduced by this patch).
• cargo check --workspace is blocked by missing system ALSA pkg-config dependency in the environment and could not be completed here.
• cargo clippy / cargo fmt --all --check could not be fully validated due to existing repo-wide issues unrelated to this change.

---

Codex Task

[Copilot]

Pull request overview

This PR hardens the TUI’s clipboard integration against local executable-path hijacking by centralizing clipboard text writes and resolving clipboard helper executables via trusted absolute paths rather than relying on unqualified names.

Changes:

• Centralize “copy text to clipboard” behavior by routing copy_to_clipboard and try_copy_to_clipboard through crate::image_paste::write_clipboard_text.
• Add trusted helper resolution in image_paste.rs (fixed-location lookup on Unix; SystemRoot-based resolution for Windows PowerShell) and use it for clipboard write subprocesses.
• Remove now-unneeded per-callsite clipboard spawning logic/imports in message_copy.rs and app.rs.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
src-rust/crates/tui/src/message_copy.rs	Removes ad-hoc clipboard spawning and routes copy through the shared clipboard writer.
src-rust/crates/tui/src/image_paste.rs	Introduces trusted helper resolution and applies it to clipboard text writing helpers.
src-rust/crates/tui/src/app.rs	Simplifies clipboard copy helper to call the centralized trusted clipboard writer.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.