fix(claude): add permissions block to settings.json

Clears AgentShield medium finding "No permissions block configured" by
adding scoped allow/deny lists. Fleet-standard 8-entry deny list +
9 commonly used Bash allow entries, both arrays sorted alphanumerically
per the recently landed sorting rule.

Grade improves from A (97/100) to A (99/100); 2 medium → 0 medium.

Author: jdalton

.claude/settings.json

@@ -1,4 +1,27 @@
 {
+  "permissions": {
+    "allow": [
+      "Bash(cat*)",
+      "Bash(cp*)",
+      "Bash(git*)",
+      "Bash(grep*)",
+      "Bash(ls*)",
+      "Bash(mkdir*)",
+      "Bash(mv*)",
+      "Bash(node*)",
+      "Bash(pnpm*)"
+    ],
+    "deny": [
+      "Bash(*> /dev/*)",
+      "Bash(chmod 777*)",
+      "Bash(chmod*)",
+      "Bash(curl*)",
+      "Bash(rm -rf*)",
+      "Bash(ssh*)",
+      "Bash(sudo*)",
+      "Bash(wget*)"
+    ]
+  },
   "hooks": {
     "PreToolUse": [
       {