core: remove shell execution and server URL from plugin API

Plugins no longer receive shell access or server URL to prevent unauthorized
execution and limit plugin sandbox surface area.

packages/plugin/src/index.ts

@@ -12,7 +12,6 @@ import type {
   Config,
 } from "@opencode-ai/sdk"
 
-import type { BunShell } from "./shell.js"
 import { type ToolDefinition } from "./tool.js"
 
 export * from "./tool.js"
@@ -28,8 +27,6 @@ export type PluginInput = {
   project: Project
   directory: string
   worktree: string
-  serverUrl: URL
-  $: BunShell
 }
 
 export type Plugin = (input: PluginInput) => Promise<Hooks>