feat(omzsh-plugin): strip to minimal, secure shell integration

Replaces the 1343-line plugin and 604-line completion file with a focused, auditable implementation:

muse.plugin.zsh (~175 lines):
- Detects Muse repo by walking up from $PWD (pure ZSH, zero forks)
- Reads branch from .muse/HEAD with regex validation; rejects unsafe names and %-escapes the result before prompt interpolation
- Reads domain from .muse/repo.json via a single python3 call, path passed via MUSE_REPO_JSON env var (never interpolated into -c string)
- Dirty check runs only after a muse command (timeout-guarded)
- Zero subprocesses on every prompt render
- 15 core aliases (mst, mcm, mco, mlg, mlgo, mlgg, mdf, mbr, mtg, …)
- No eval, no ls word-splitting, no session logging, no agent system

_muse (~150 lines):
- Completes all top-level commands with descriptions
- Branch/tag/remote lookup via ZSH glob (no ls, no subprocess)
- Subcommand dispatch for stash, remote, plumbing, commit flags

Security fixes applied (all were present in the prior version):
- Branch name prompt injection (% escaping + regex gate)
- Python -c string injection (env var path passing)
- eval of post-hook user commands (removed entirely)
- ls word-splitting in completion (replaced with ZSH globbing)
- Unvalidated commit_id used in file paths (removed code paths)
- Hand-rolled JSONL escaping (removed session logging entirely)
- muse-safe-merge opening paths from MERGE_STATE.json (removed)
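
The branch-name gate and %-escaping named in the commit message, sketched as an added example that is not the commit's or the Muse plugin's own code. Assumptions: `.muse/HEAD` holds `ref: refs/heads/<name>` or a bare name on its first line, and the function names, the allowlist and the 200-character cap are hypothetical.

```shell
# Added example, not the plugin's code. Results are returned in $REPLY so
# the prompt path needs no command substitution (no fork).

# Double every % so zsh prompt expansion treats it as a literal character.
prompt_escape() {
  local rest="$1" out= pre
  while :; do
    case $rest in
      *%*) pre=${rest%%\%*}; out="$out$pre%%"; rest=${rest#*\%} ;;
      *)   break ;;
    esac
  done
  REPLY="$out$rest"
}

# Set REPLY to a validated branch name from <repo>/.muse/HEAD, or fail.
# The HEAD layout handled here is an assumption, not taken from the commit.
muse_branch() {
  local LC_ALL=C head="$1/.muse/HEAD" line= name
  [ -r "$head" ] || return 1
  # Builtin read: first line only, no cat or sed.
  IFS= read -r line < "$head" || [ -n "$line" ] || return 1
  name=${line#ref: refs/heads/}
  [ "${#name}" -le 200 ] || return 1
  case $name in
    ''|-*|.*|*..*|*/)   return 1 ;;  # empty, option-like, dot tricks
    *[!A-Za-z0-9._/-]*) return 1 ;;  # anything outside the allowlist
  esac
  REPLY=$name
}

# Gate first, escape second; a rejected name gives an empty segment.
muse_prompt_segment() {
  REPLY=
  muse_branch "$1" || { REPLY=; return 0; }
  prompt_escape "$REPLY"
}
```

The allowlist already excludes `%`, so the escape is a second layer that still holds if the allowlist is later widened.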