security: restrict BOM whitelist to prevent shared component deletion

- Removes shared directories (Frameworks, Plugins, etc) from receipt scanning whitelist
- Ensures that uninstalling an app won't accidentally delete shared system libraries
- Updates SECURITY_AUDIT.md to reflect stricter receipt scanning policy

SECURITY_AUDIT.md

@@ -166,7 +166,7 @@ For user-selected app removal:
 - **Safety Limit:** 3-char minimum (prevents "Go" matching "Google")
 - **Disabled:** Fuzzy matching and wildcard expansion for short names.
 - **User Confirmation:** Required before deletion.
-- **Receipt Scans:** BOM-derived files are limited to safe system prefixes and filtered by `should_protect_path()`.
+- **Receipt Scans:** BOM-derived files are restricted to app-specific prefixes (e.g., `/Applications`, `/Library/Application Support`). Shared directories like `/Library/Frameworks` are **excluded** to prevent collateral damage.
 
 **Code:** `lib/clean/apps.sh:uninstall_app()`
 

lib/core/app_protection.sh

@@ -950,13 +950,6 @@ find_app_receipt_files() {
                     /Library/LaunchAgents/*) is_safe=true ;;
                     /Library/LaunchDaemons/*) is_safe=true ;;
                     /Library/PrivilegedHelperTools/*) is_safe=true ;;
-                    /Library/Internet\ Plug-Ins/*) is_safe=true ;;
-                    /Library/Audio/Plug-Ins/*) is_safe=true ;;
-                    /Library/Frameworks/*) is_safe=true ;;
-                    /Library/Input\ Methods/*) is_safe=true ;;
-                    /Library/QuickLook/*) is_safe=true ;;
-                    /Library/PreferencePanes/*) is_safe=true ;;
-                    /Library/Screen\ Savers/*) is_safe=true ;;
                     /Library/Extensions/*) is_safe=false ;;
                     *) is_safe=false ;;
                 esac