Closes security vulnerabilities and documentation gaps:
1. Remove shell expansion from config-driven exec/exec-once
- Eliminate wordexp() usage in spawn()
- Add split_argv_noexpand() for safe argument parsing
- Change run_exec() and run_exec_once() to use spawn() instead of spawn_shell()
- Prevents shell injection and expansion-based DoS
2. Fix null-termination in chvt_backup_selmon
- Add explicit null-terminator after strncpy() in chvt()
- Prevents out-of-bounds read when used in regex_match()
3. Add regression test
- New test_chvt_backup_selmon unit test to verify null-termination logic
- Integrate tests into meson.build
4. Translate Chinese comments to English
- Update IMPLEMENTATION_SUMMARY.md to remove Chinese text
- Improves accessibility for international contributors
5. Update documentation
- Update REVIEW_FINDINGS.md with English versions of examples
- Remove wordexp include from meson.c headers (no longer needed)
