refactor(dynamic): standardize shell commands across fixtures, add __NYX_SINK_HIT__ markers, improve PHP support

tests/dynamic_fixtures/class_method/javascript/benign.js

@@ -1,14 +1,14 @@
 // Phase 19 (Track M.1) — class-method benign control for JavaScript.
 //
 // UserService.run routes the input through execFileSync with argv form so
-// the shell never interprets the string.
+// the shell never interprets the string or echoes marker bytes.
 'use strict';
 const { execFileSync } = require('child_process');
 
 class UserService {
     constructor() {}
     run(input) {
-        return execFileSync('/bin/echo', [input]).toString();
+        return execFileSync('true', [input]).toString();
     }
 }
 

tests/dynamic_fixtures/class_method/javascript/vuln.js

@@ -9,7 +9,7 @@ class UserService {
     constructor() {}
     run(input) {
         // SINK: untrusted input → shell
-        return execSync('echo ' + input).toString();
+        return execSync('true ' + input).toString();
     }
 }