🔒 SECURITY: Add security warnings during installation #7

@dean0x

Description

Security Enhancement: Installation Security Warnings

Severity: MEDIUM
Priority: HIGH
Category: User Awareness

Problem

Users are not informed about the security implications of running the statusline script:

  • Script runs with full user privileges
  • Executes on every Claude Code session
  • No integrity verification
  • Path can be manipulated

Impact

  • Users unaware of security risks
  • No informed consent about code execution
  • Difficult to audit what's being executed

Solution

Add clear security warnings during installation:

// Proposed notice, printed by init right after the script has been written.
// scriptPath is the absolute path the installer wrote the script to.
function printSecurityNotice(scriptPath) {
  console.log('\n⚠️  SECURITY NOTICE:\n');
  console.log('   DevFlow statusline script will execute with your user permissions');
  console.log('   on every Claude Code session.');
  console.log('');
  console.log('   Script location: ' + scriptPath);
  console.log('   Script permissions: executable (0755)');
  console.log('');
  // cat lets the user read the script before it runs; it is a manual review,
  // not a hash check. A real integrity check belongs in --verify (below).
  console.log('   To verify script integrity:');
  console.log('   cat ' + scriptPath);
  console.log('');
}

Also add a --verify flag that checks the installation:

npx devflow-kit init --verify
# Outputs:
# ✓ Script integrity: VERIFIED
# ✓ Path security: SAFE
# ✓ Permissions: CORRECT (0755)

Files to Modify

  • src/cli/commands/init.ts (add warnings after script installation)
  • Add --verify option to init command
  • Update README with security section

Acceptance Criteria

  • Security warning displayed during installation
  • Show script path and permissions clearly
  • Add --verify flag to check installation integrity
  • Document security model in README
  • Add security section to documentation
