feat: update BashTool command parsing logic

[RinZ27]

Refined the command parsing logic in BashTool by adding a check for empty command arrays during tree-sitter traversal. This prevent processing malformed shell structures that could lead to unexpected execution behavior.

Security Risk: Potential for command injection or agent escape if malformed input nodes are processed without validation.

Fixes #7478
Fixes #7504

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Duplicate PR Search Results

No duplicate PRs found. ✓

The search results only returned the PR itself (PR #6948), which is expected. Additional searches for related security and validation terms yielded no other open PRs addressing:

• BashTool security hardening
• Command injection prevention
• Shell syntax validation

Conclusion: This PR appears to be unique and is not duplicating any existing open pull requests in the repository.

[github-actions]

Hey! Your PR title Hardening BashTool input validation doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

[RinZ27]

Closing this in favor of PR #19290, which implements a more comprehensive security hardening for BashTool including full tree-sitter node validation and environment sanitization. @thdxr please review #19290 instead.