extract_command_types

Extract all command types from a shell command, handling && separators.

For security-sensitive commands (python, node, npm, uv, etc.), includes the full signature to avoid over-permissioning. Each sensitive command has a dedicated handler that extracts the appropriate signature.

Signature extraction strategy:

• python/python3: Include module name for -m, just flag for -c
• node: Just flag for -e/-p (code execution)
• npm/yarn/pnpm: Include subcommand, and script name for "run"
• uv: Include subcommand, and tool name for "run"
• npx: Include package name
• Others: Just the base command