tirith: add module

Adds Home Manager module for Tirith, a shell security monitor.

The module supports:
- Shell integration for Bash, Fish, and Zsh
- Allowlist configuration for bypassing Tirith analysis
- Policy configuration for customizing security behavior

tests/modules/programs/tirith/basic.nix

@@ -0,0 +1,27 @@
+{ ... }:
+
+{
+  programs.tirith = {
+    enable = true;
+    allowlist = [
+      "localhost"
+      "example.com"
+    ];
+    policy = {
+      version = 1;
+      fail_mode = "open";
+    };
+  };
+
+  nmt.script = ''
+    assertFileExists home-files/.config/tirith/allowlist
+    assertFileContent \
+      home-files/.config/tirith/allowlist \
+      ${builtins.toFile "expected" ''
+        localhost
+        example.com
+      ''}
+
+    assertFileExists home-files/.config/tirith/policy.yaml
+  '';
+}