fix(cli): Harden cli issues (#535, #536, #529, #534)

[aadviksinghdebug]

Description

This PR hardens the sanctifier-cli tooling across multiple security, CI, and documentation dimensions to ensure it's robust and ready for production scaling. It rolls up four issues into a single branch.

Work items completed:

• Added integration/e2e coverage in CI (#535): A dedicated backwards compatibility step is now included in the GitHub Actions e2e-coverage.yml pipeline.
• Hardened input validation (#536): The CLI now defaults to safe paths and actively prevents directory traversal (e.g., ..) escapes when normalizing project paths to prevent unintended filesystem reads.
• Packaging and install docs (#529): Added PACKAGING_AND_INSTALL.md with contribution notes, build instructions, and correctly linked it up in the DOCUMENTATION_INDEX.md.
• Added shell completion tests (#534): Unit tests and fixtures to assert completions generate correct headers and registration commands across bash, zsh, fish, and powershell shells.
• Fixed pre-existing build errors: Cleaned up bad variable copy-paste logic inside the sha256_hex custom implementation of verify_deployment.rs and properly resolved unclosed curly brackets inside cli_tests.rs to unblock CI.

Acceptance Criteria

• CI passes for the touched area (lint, tests).
• Behavior is documented (link from DOCUMENTATION_INDEX.md).
• Output formats remain stable with minimal breaking surface.

Closes #535
Closes #536
Closes #529
Closes #534

[vercel]

@aadviksinghdebug is attempting to deploy a commit to the gbangbolaoluwagbemiga's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@aadviksinghdebug Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits