
Fix potential ReDoS in local-command metadata stripping#729

Open
jsgrrchg wants to merge 2 commits into agentclientprotocol:main from jsgrrchg:fix/727-linear-local-command-stripper
Conversation

@jsgrrchg

Closes #727.

This replaces the local-command metadata stripping regex with a deterministic scanner over the known SDK local-command marker tags.

The previous implementation used a regex over transcript content to remove marker blocks such as <command-name>...</command-name> and <local-command-stdout>...</local-command-stdout>. CodeQL flags that pattern as a potential polynomial-time regex on uncontrolled input.

The new implementation avoids matching arbitrary content with a regex. It scans only for the five known local-command marker tags and strips complete, well-formed marker blocks while preserving malformed or literal marker-like text.

Covered behavior:

  • strips valid SDK local-command metadata blocks
  • preserves real prose around stripped marker blocks
  • preserves unknown marker-like tags
  • preserves incomplete or mismatched marker-like tags
  • avoids pairing an incomplete opening tag with a later valid block
  • handles long malformed marker-like input and unterminated fragments without dropping text

This is intended as a defensive hardening change for the CodeQL finding rather than a claim of a confirmed exploit.

Tests:

  • npm run test:run -- src/tests/acp-agent.test.ts

jsgrrchg force-pushed the fix/727-linear-local-command-stripper branch from d0b6cd7 to e3a7c88 on May 29, 2026 18:39
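A linear-time scanner of the kind the description above outlines, as an added example that is not the PR's code or the SDK's. It assumes a function name (`stripLocalCommandMarkers`) and a tag list that only contains the two marker tags the description names (`command-name`, `local-command-stdout`); the PR says the SDK has five, but the other three are not on this page, so they are left out rather than guessed. The sample transcript is constructed. The point worth seeing is how the scanner avoids the quadratic trap that the regex fell into: a naive scanner that calls `indexOf` for the closing tag at every unmatched opening tag is still O(n²) on input such as thousands of repeated `<command-name>` fragments, so the closing-tag search result is memoised per tag and every character is scanned at most once per tag.

```typescript
// Added example; not the PR's or the SDK's implementation.
// The PR names two of the five marker tags; only those two are listed here.
// Add the project's remaining tag names to this array.
const MARKER_TAGS: readonly string[] = ["command-name", "local-command-stdout"];

/**
 * Remove every complete, well-formed `<tag>...</tag>` block whose tag is in
 * MARKER_TAGS. Everything else is copied through unchanged: prose, unknown
 * tags, unterminated or malformed opening tags, and closing tags that do not
 * match the opening tag they follow.
 */
function stripLocalCommandMarkers(text: string): string {
  const out: string[] = [];

  // Memoised result of the last `</tag>` search per tag. Scan positions only
  // move forward, so a cached "no closing tag after X" or "next closing tag is
  // at P" answer is reused instead of rescanning the same suffix. That keeps
  // the total indexOf work linear in the input length (per tag), even for
  // input made of thousands of unterminated opening tags.
  const closeCache = new Map<string, { from: number; pos: number }>();

  const findClose = (tag: string, from: number): number => {
    const close = `</${tag}>`;
    const cached = closeCache.get(tag);
    if (cached && cached.from <= from) {
      if (cached.pos === -1) return -1; // no closing tag anywhere after cached.from
      if (cached.pos >= from) return cached.pos; // still the next occurrence
    }
    const pos = text.indexOf(close, from);
    closeCache.set(tag, { from, pos });
    return pos;
  };

  let i = 0;
  while (i < text.length) {
    // Copy everything up to the next '<' verbatim.
    const lt = text.indexOf("<", i);
    if (lt === -1) {
      out.push(text.slice(i));
      break;
    }
    out.push(text.slice(i, lt));
    i = lt;

    let stripped = false;
    for (const tag of MARKER_TAGS) {
      const open = `<${tag}>`;
      if (!text.startsWith(open, i)) continue; // `<command-name ` (no '>') never matches
      const closeAt = findClose(tag, i + open.length);
      if (closeAt !== -1) {
        i = closeAt + tag.length + 3; // skip past `</tag>`
        stripped = true;
      }
      break; // a known opening tag was recognised, matched or not
    }
    if (!stripped) {
      // Not a complete known block: keep the '<' as literal text and move on.
      out.push("<");
      i += 1;
    }
  }
  return out.join("");
}

// Constructed sample transcript (not captured from a real session). It mixes
// valid blocks, an unknown tag and an unterminated opening-tag fragment.
const SAMPLE_TRANSCRIPT =
  "User ran a command.\n" +
  "<command-name>ls -la</command-name>\n" +
  "<local-command-stdout>total 0\n</local-command-stdout>\n" +
  "Unknown <marker>tags</marker> and a stray <command-name fragment stay.";

function stripSampleTranscript(): string {
  return stripLocalCommandMarkers(SAMPLE_TRANSCRIPT);
}

console.log(JSON.stringify(stripSampleTranscript()));
```

Two behaviours in the PR's list deserve a second look when adapting this: an unterminated `<command-name ` fragment that precedes a later valid block is never paired with that block's closing tag, because only the exact `<tag>` string is recognised as an opening; and a mismatched pair such as `<command-name>x</local-command-stdout>` is left intact, because the search is for the closing tag of the same name and nothing else. Nested blocks of the same tag are cut at the first closing tag, which matches what a non-greedy regex would do; if the SDK can emit nested markers, that is the case to decide on explicitly.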

Development

Successfully merging this pull request may close these issues.

Potential ReDoS in local-command metadata stripping regex

1 participant