fix(no-vibes): exempt pure-display echo/printf from destructive matcher (false positive) #31

Merged: waitdeadai merged 1 commit into main from fix/no-vibes-echo-display-fp on Jun 1, 2026

@waitdeadai

Owner

What

is_destructive_bash() in hooks/no-vibes.sh matches each destructive pattern as a
substring of the whole command (and a de-quoted copy). So a benign command that
only displays a destructive op — e.g.
echo 'reminder: avoid git push --force on shared branches' — is wrongly blocked
(exit 2). This is a real, daily false positive: documentation/reminder echos and
comments mentioning destructive ops get gated.

Fix (narrow, bypass-safe)

Add a precision pre-guard: exempt a command only when it is a pure-display
echo/printf of literal args with no way for the mentioned text to execute or
redirect — no pipe/background/chaining/redirect (| & ; < >), no backtick, no
$( command substitution. Anything that can execute or redirect (bash -c '…',
$(…), echo … > /dev/sda, echo …; rm …) falls through to the unchanged
matcher. This cannot open a bypass: a lone echo/printf of literal text has no
execution or write path.

Tested

  • Added regression fixture tests/stress/no-vibes/negative/40-echo-mentions-force-push.json
    (negative = expect allow). It failed before the fix, passes after.
  • bash tests/stress/run.sh --hook no-vibes → 69/69 pass (was 68/69 with the new
    fixture).
  • bash tests/test-pack-loader.sh → 17/17 pass.
  • Full suite: my change takes it from 332→333 pass (the one flip is this fixture). The
    remaining 5 failures are pre-existing and unrelated — all in no-fake-cite/positive
    (arxiv/doi/citation patterns), failing identically with or without this change. Not
    touched here.
  • Measured with hookbench: on the same command corpus the patched hook goes
    false-positive rate 33% → 0% with recall held at 100% (the real
    git push --force origin main still blocks; only the echoed mention is now allowed).

Out of scope

The 5 pre-existing no-fake-cite positive failures (a separate hook) — flagged here so
they're visible, but not addressed in this PR.
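
The pre-guard described under "Fix" above, as an added example that is not the code from hooks/no-vibes.sh. The function names is_pure_display, matches_destructive and gate, the two patterns, and the sample commands are assumptions made for illustration; the matcher is simplified and omits the de-quoted copy.

```shell
#!/bin/sh
# Added sketch, not hooks/no-vibes.sh. Function names and patterns are hypothetical.

# Return 0 only when $1 is a lone echo/printf with no execution or redirect path.
is_pure_display() {
  pd_cmd=$1
  pd_nl='
'
  # Must start with the word echo or printf; anything else falls through.
  case $pd_cmd in
    echo | 'echo '* | printf | 'printf '*) ;;
    *) return 1 ;;
  esac
  # Reject the characters the PR lists: | & ; < > backtick and $( substitution.
  # A newline also separates commands, so this sketch rejects it too.
  case $pd_cmd in
    *'|'* | *'&'* | *';'* | *'<'* | *'>'* | *'`'* | *'$('* | *"$pd_nl"*) return 1 ;;
  esac
  return 0
}

# Simplified substring matcher with two constructed patterns.
matches_destructive() {
  case $1 in
    *'git push --force'* | *'rm -rf'*) return 0 ;;
  esac
  return 1
}

# Gate verdict: 0 = allow, 2 = block (the exit code the PR mentions).
gate() {
  if is_pure_display "$1"; then return 0; fi
  if matches_destructive "$1"; then return 2; fi
  return 0
}

# Constructed sample commands, one per line; prints verdict and command.
while IFS= read -r sample; do
  rc=0; gate "$sample" || rc=$?
  printf '%s\t%s\n' "$rc" "$sample"
done <<'EOF'
echo 'reminder: avoid git push --force on shared branches'
git push --force origin main
bash -c 'git push --force'
echo note; rm -rf ./build
echo $(git push --force)
EOF
```

The guard only ever widens what is allowed for a command it fully recognises; a command it rejects is handed to the matcher unchanged, so the matcher's verdict for it is the same as before the guard existed.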

A benign command that only displays a destructive-op reminder (e.g. an echo of a force-push or recursive-delete note) was blocked, because the matcher substring-matches the whole command. Add a narrow pre-guard exempting pure-display echo/printf with no pipe/redirect/chaining/background/backtick/$( substitution; anything executable or redirecting falls through unchanged (no bypass). Adds regression fixture 40 (negative). no-vibes stress 69/69; pack-loader 17/17; measured FPR 33%->0% recall 100% via hookbench.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@waitdeadai waitdeadai merged commit c80dfe0 into main Jun 1, 2026
2 checks passed
@waitdeadai waitdeadai deleted the fix/no-vibes-echo-display-fp branch June 1, 2026 17:44
waitdeadai added a commit that referenced this pull request Jun 1, 2026
…ix) (#32)

Marks the fix from PR #31 (pure-display echo/printf exemption in the destructive matcher) as a discrete release so a /plugin update maps the change to its own version.

Co-authored-by: Fernando Lazzarin <263019791+waitdeadai@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>