Add template support for issue creation (bd-164b)

- Built-in templates: epic, bug, feature (embedded in binary)
- Custom templates in .beads/templates/ (override built-ins)
- Commands: bd template list/show/create
- Flag: bd create --from-template <name> "Title"
- Template fields: description, type, priority, labels, design, acceptance
- Security: sanitize template names to prevent path traversal
- Flag precedence: explicit flags override template defaults
- Tests: template loading, security, flag precedence
- Docs: commands/template.md and README.md updated

Closes bd-164b

Amp-Thread-ID: https://ampcode.com/threads/T-118fe54f-b112-4f99-a3d9-b7df53fb7284
Co-authored-by: Amp <amp@ampcode.com>

cmd/bd/template_security_test.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestSanitizeTemplateName(t *testing.T) {
+	tests := []struct {
+		name      string
+		input     string
+		wantError bool
+	}{
+		{"valid simple name", "epic", false},
+		{"valid with dash", "my-template", false},
+		{"valid with underscore", "my_template", false},
+		{"path traversal with ../", "../etc/passwd", true},
+		{"path traversal with ..", "..", true},
+		{"absolute path", "/etc/passwd", true},
+		{"relative path", "foo/bar", true},
+		{"hidden file", ".hidden", false}, // Hidden files are okay
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := sanitizeTemplateName(tt.input)
+			if (err != nil) != tt.wantError {
+				t.Errorf("sanitizeTemplateName(%q) error = %v, wantError %v", tt.input, err, tt.wantError)
+			}
+		})
+	}
+}
+
+func TestLoadTemplatePathTraversal(t *testing.T) {
+	// Try to load a template with path traversal
+	_, err := loadTemplate("../../../etc/passwd")
+	if err == nil {
+		t.Error("Expected error for path traversal, got nil")
+	}
+
+	_, err = loadTemplate("foo/bar")
+	if err == nil {
+		t.Error("Expected error for path with separator, got nil")
+	}
+}