Feature hasn't been suggested before.
Describe the enhancement you want to request
Problems
The bash path carries `tree-sitter-bash` — a wasm grammar with async init — and permission patterns are string-derived from its command text. That string-handling keeps producing bypasses with the same root cause (no exposed structure):
- `CI=true git commit` doesn't match `git *`, ask and deny skipped ([Bug]: Inline env var prefix (e.g. `CI=true git commit`) bypasses bash permission rules #16075, Bash permission rules don't match commands with env variable prefixes #14110); the in-flight fix (fix: strip inline env var prefixes from bash permission patterns #28475) re-attaches the redirect by slicing `parent.text`.
- `sh -c "rm -rf /"`) aren't checked (feat(permission): extract inner commands from wrappers for permission matching #16724, gone stale).
Proposal
Replace tree-sitter-bash with unbash — a 0-dep, sync TypeScript bash parser, and build permission patterns from its AST. Two wins from one change: drop the large dependency and its async init, and make the bypasses structural fixes (env prefix = a field to drop) instead of per-case string-munging. PowerShell stays on tree-sitter (unbash is bash-only).
Full disclosure: I wrote unbash, and this opencode use case seems to be a great fit.
Working branch already: swap done, parity-tested against tree-sitter-bash over a command corpus, full `shell.ts` permission suite green; bypass fixes on top.
So the ask is, are you open to a PR(s)?
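
Added example, not part of the original issue and not opencode's or unbash's code: it contrasts matching a permission pattern against raw command text with matching against a parsed command whose env-var prefix is a separate field. The rule set, the function names and the toy `parseSimple` (whitespace splitting only, no quoting, redirects or wrapper commands) are assumptions made for illustration.

```typescript
// Illustration only: hypothetical names, constructed rules, toy parser.
type Action = "allow" | "ask" | "deny";
interface Rule { pattern: string; action: Action }
interface SimpleCommand { assignments: string[]; argv: string[] }

// Constructed rule set: any git subcommand needs confirmation; everything else is allowed.
const RULES: Rule[] = [{ pattern: "git *", action: "ask" }];

// Glob match where `*` is the only wildcard; other regex metacharacters are escaped.
function globMatch(pattern: string, text: string): boolean {
  const body = pattern
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${body}$`).test(text);
}

function decide(text: string): Action {
  return RULES.find((rule) => globMatch(rule.pattern, text))?.action ?? "allow";
}

// String-derived check: the pattern is compared with the raw command text,
// so a leading NAME=value word shifts the command name out of position.
function decideFromText(commandText: string): Action {
  return decide(commandText.trim());
}

// Toy stand-in for a real bash parser: leading NAME=value words become
// `assignments`, the remaining words become `argv`.
function parseSimple(commandText: string): SimpleCommand {
  const words = commandText.trim().split(/\s+/).filter((w) => w.length > 0);
  const first = words.findIndex((w) => !/^[A-Za-z_][A-Za-z0-9_]*=/.test(w));
  const split = first === -1 ? words.length : first;
  return { assignments: words.slice(0, split), argv: words.slice(split) };
}

// Structural check: the env prefix is a field that is simply not part of
// the text the pattern is matched against.
function decideFromStructure(commandText: string): Action {
  return decide(parseSimple(commandText).argv.join(" "));
}

// Constructed sample commands.
for (const cmd of ["git commit -m x", "CI=true git commit -m x", "ls -la"]) {
  console.log(cmd, "| text:", decideFromText(cmd), "| structure:", decideFromStructure(cmd));
}
```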