Commit Graph

1 Commit

Author SHA1 Message Date
Timmy
761ad313c7 fix(#1430): Prevent shell injection from commit messages
Some checks failed
CI / test (pull_request) Failing after 47s
CI / validate (pull_request) Failing after 40s
Review Approval Gate / verify-review (pull_request) Failing after 5s
Backticks in git commit -m messages can trigger shell expansion
during hook processing. This adds:

  - .githooks/pre-commit: warns when commit message contains
    backticks (reads COMMIT_EDITMSG, warns but does not block)
  - scripts/safe-commit.sh: safe commit wrapper using -F <file>
    instead of -m (prevents all shell expansion)
  - docs/SAFE_COMMIT_PATTERNS.md: documents safe patterns and
    what NOT to do

The repo hooks (pre-commit, stale-pr-closer) are already clean.
This is preventive hardening + documentation.

Fixes #1430
2026-04-17 01:28:44 -04:00
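
The warn-only message check and the `-F <file>` commit path described in the commit message above, sketched as an added example. This is not the repository's `.githooks/pre-commit` or `scripts/safe-commit.sh`, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not the repo's scripts.

# Return 0 if the message file contains a backtick or "$(", the two
# command-substitution forms a shell expands inside double quotes.
msg_has_substitution() {
    grep -q -e '`' -e '\$(' "$1"
}

# Warn-only check in the style of the hook described above: it reports
# on stderr but always returns 0, so the commit is never blocked.
warn_on_substitution() {
    if msg_has_substitution "$1"; then
        echo 'warning: message contains ` or $(; pass it with git commit -F <file>' >&2
    fi
    return 0
}

# Copy stdin to a temp file byte-for-byte and print the file's path.
# The message text is only ever data here, never part of a command line.
write_msg_file() {
    f=$(mktemp) || return 1
    cat > "$f"
    printf '%s\n' "$f"
}

# Commit with -F so git reads the message from the file as-is.
safe_commit() {
    git commit -F "$1"
}

# Constructed sample message containing both substitution forms.
# The quoted heredoc delimiter ('EOF') disables expansion of the body.
demo_msg_file() {
    write_msg_file <<'EOF'
fix: document `rm -rf build` and $(date) handling
EOF
}
```

Typical use is `f=$(demo_msg_file); warn_on_substitution "$f"; safe_commit "$f"`, run inside a repository with staged changes.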