fix: preserve Markdown code fences by escaping backticks instead of removing them (fixes #6)
Backticks were being stripped entirely by the sanitizer, destroying Markdown code fences (```) in note content. The real injection risk is backtick command substitution inside double-quoted shell strings (e.g. content=`rm -rf /`). The fix is to escape backticks as \` in formatParam — exactly as we already do for double quotes — so the shell never interprets them while the content is preserved intact.

Changes:
- sanitizer.ts: remove ` from DANGEROUS_CHARS and the backtick command substitution pattern from COMMAND_INJECTION_PATTERNS (now handled at the quoting layer, not the stripping layer)
- cli-helpers.ts: escape backticks as \` in formatParam alongside the existing double-quote escaping

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@@ -11,13 +11,14 @@ import { logger } from '../utils/logger.js';
* Note: Brackets [], parentheses (), and braces {} are safe because values are quoted and passed as array args
* They're essential for Obsidian markdown (wikilinks [[link]], tasks - [ ] Task, templates {{...}}, etc.)
* Note: Single & is safe in quoted args (filenames like "Research & Development.md")
* We only block: ; | ` $ < > (command separators, pipes, substitution, redirects)
* Note: Backticks are safe because formatParam escapes them as \` inside double-quoted strings,
* preventing shell command substitution while preserving Markdown code fences (``` ```)
* We only block: ; | $ < > (command separators, pipes, substitution, redirects)
* Command injection patterns (&&, ||, etc.) are handled separately
*/
const DANGEROUS_CHARS = /[;|`$<>]/g;
const DANGEROUS_CHARS = /[;|$<>]/g;
const COMMAND_INJECTION_PATTERNS = [
/\$\(/g, // Command substitution $(...)
/`[^`]*`/g, // Command substitution `...`
/\|\|/g, // OR operator
/&&/g, // AND operator
/;/g, // Command separator
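Review bot: the new comment stating that "Backticks are safe because formatParam escapes them as \` inside double-quoted strings" asserts a guarantee that nothing in this hunk enforces; the sanitizer now lets backticks through unconditionally, so the protection depends entirely on every value reaching the shell via formatParam's double-quoted escaping, which is changed in cli-helpers.ts and not visible here. Suggest pointing the comment at that escaping code explicitly and adding a test that runs content containing a fenced block (e.g. ```` ```code``` ````) through both layers and asserts the backticks survive the sanitizer but arrive escaped in the emitted command string. The comment should also make clear that the escape only holds inside double quotes; a value interpolated single-quoted or unquoted would not be covered, since the old `/`[^`]*`/g` pattern is now gone from COMMAND_INJECTION_PATTERNS.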