Commit f70ca00
security(high): Fix 8 HIGH severity findings from audit

1. Command validator bypass (CommandValidator.swift): Replaced naive
   String.contains() with NSRegularExpression word-boundary matching
2. Python import validator bypass (CommandValidator.swift): Added regex
   matching with comment-line filtering to prevent bypass
3. Model hash verification (ModelSecurityValidator.swift): Added
   verifyModelHash() with CryptoKit SHA256 and validation warnings
4. Byte-by-byte daemon reading (MLXService.swift): Replaced 1-byte
   reads with 4096-byte buffered chunk reading
5. Infinite loops (MLXService.swift): Changed while-true to
   while-!Task.isCancelled, stored stderr monitor task for cleanup
6. Hardcoded dev paths (MLXService.swift): Replaced /Volumes/Data
   paths with Bundle.main-relative, added multi-version Python lookup
7. SecurityUtils consistency (CommandValidator.swift): Documented
   validation pipeline ordering, added log on character check block
8. Debug print statements (MLXService.swift): Replaced all print()
   calls with SecureLogger, removed emoji from log messages

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

1 parent 24f7013 commit f70ca00
3 files changed
Lines changed: 296 additions & 209 deletions