feat(shell): $VAR in mixed words and double quotes (segment model)

[hartsock]

Part of #46. Makes $VAR/${VAR} expansion work in mixed words ($HOME/config, pre$X.log) and inside double quotes ("$HOME/x"), not just whole-word.

What

• parse.rs — a Seg { Lit | Var } type; Arg::Var now carries Vec<Seg>, so a word interleaves literal runs and variable references. read_var_name drops the whole-word restriction; double-quote $VAR expands. A word that is both a glob and variable-bearing ($DIR/*.rs) is refused (deferred).
• shell_tool.rs — invoke allowlists every Seg::Var name before any spawn; expand_stage_argv concatenates segments (literals as-is, allowlisted vars from the env) into one literal.

Security (unchanged shape)

The secret-free allowlist is still a name-only check in invoke before any spawn — so even a mixed word like pre$AWS_SECRET_KEY is denied. Value substitution stays in the real spawner; single-literal, no re-split / no re-glob of the value (no re-injection). No new seam — same mockability (allowlist mocked in invoke; value read integration-tested).

Testing

• Parser: mixed/quoted segments; ${X} braces; glob+var refused; invalid/bare-$/$( refused; escaped \$ literal.
• Mocked: allowlisted var reaches the spawner as segments; non-allowlisted denied (incl. inside a mixed word); var-as-program denied.
• Integration (real env): echo $HOME/sub and echo "prefix-$HOME" expand to the env value.

Remaining on #46 (smaller follow-ups, left open)

• $VAR in redirect targets (> $TMPDIR/out) — needs the redirect path to become segments + an env seam to keep the resolved-path leash mockable.
• glob and variable in one word ($DIR/*.rs).

Test plan

just check green (fmt + clippy all-features & no-default-features + workspace tests).

🤖 Generated with Claude Code