Simplify: keep hook regex, drop redundant deny rule permutations

The rewritten hook regex already handles all case/ordering variants of
rm flags via case-insensitive chained grep checks. Remove the 16
enumerated permutations from deny rules. Drop overly broad * | sh and
* | zsh rules that would block legitimate pipes. Revert unnecessary
case-insensitive flag on git push hook (git is always lowercase).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: dguido

settings.json

@@ -13,32 +13,13 @@
     "deny": [
       "Bash(rm -rf *)",
       "Bash(rm -fr *)",
-      "Bash(rm -Rf *)",
-      "Bash(rm -rF *)",
-      "Bash(rm -RF *)",
-      "Bash(rm -fR *)",
-      "Bash(rm -Fr *)",
-      "Bash(rm -FR *)",
-      "Bash(rm -r -f *)",
-      "Bash(rm -r -F *)",
-      "Bash(rm -R -f *)",
-      "Bash(rm -R -F *)",
-      "Bash(rm -f -r *)",
-      "Bash(rm -f -R *)",
-      "Bash(rm -F -r *)",
-      "Bash(rm -F -R *)",
-      "Bash(rm --recursive *)",
-      "Bash(rm --recursive --force *)",
-      "Bash(rm --force --recursive *)",
       "Bash(sudo *)",
       "Bash(mkfs *)",
       "Bash(dd *)",
       "Bash(curl *|bash*)",
       "Bash(curl *| bash*)",
       "Bash(wget *|bash*)",
       "Bash(wget *| bash*)",
-      "Bash(* | sh)",
-      "Bash(* | zsh)",
       "Bash(bash <(curl *))",
       "Bash(git push --force*)",
       "Bash(git push *--force*)",
@@ -79,7 +60,7 @@
           },
           {
             "type": "command",
-            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qiE 'git[[:space:]]+push.*(main|master)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
+            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push.*(main|master)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
           }
         ]
       }