@alisonlhart alisonlhart commented Dec 3, 2025

Fixes #2066.

Description

When running ansible-navigator collections --mode stdout in containers with restricted permissions, users encountered two cascading errors:

  1. Primary Error: PermissionError: [Errno 1] Operation not permitted: '/bin/sh'
  2. Secondary Error: AttributeError: 'Action' object has no attribute '_interaction'

This prevented collections from being cataloged in environments with SELinux restrictions, security contexts, or other permission limitations.

Root Causes

Primary Bug (PermissionError)

The catalog_collections.py script used shell=True in subprocess.run() with shell pipes to filter ansible-config output:

cmd = ["ansible-config", "dump", "|", "grep", "COLLECTIONS_PATHS"]
proc_out = subprocess.run(" ".join(cmd), shell=True, ...)

This required access to /bin/sh, which was blocked in restrictive container environments.

Secondary Bug (AttributeError)

When the primary error occurred, notify_failed() tried to display a UI notification:

self._interaction.ui.show_form(warning)

However, _interaction is not initialized in stdout mode, causing an AttributeError that masked the real issue.

Solution

1. Removed Shell Dependency

  • Changed run_command() to use shell=False and pass commands as lists
  • Replaced shell pipe ansible-config dump | grep COLLECTIONS_PATHS with Python-native filtering
  • Added proper error handling for PermissionError and FileNotFoundError

Files Changed:

  • src/ansible_navigator/data/catalog_collections.py (lines 509-532, 603-622)

2. Fixed Error Notification in Stdout Mode

  • Updated notify_failed() to check mode and _interaction availability
  • In stdout mode, errors are now logged instead of attempting UI operations

Files Changed:

  • src/ansible_navigator/actions/collections.py (lines 234-244)

Testing

Added comprehensive unit tests covering both bugs:

Test Coverage:

  • test_run_command_without_shell() - Verifies subprocess runs with shell=False
  • test_run_command_handles_permission_error() - Verifies graceful PermissionError handling
  • test_retrieve_collections_paths_without_pipe() - Verifies no shell pipes used
  • test_retrieve_collections_paths_not_found() - Verifies error handling
  • test_notify_failed_in_stdout_mode() - Verifies no AttributeError in stdout mode
  • test_notify_failed_in_interactive_mode() - Verifies UI notifications work in interactive mode

Impact

This fix allows ansible-navigator collections to work reliably in:

  • Containers with restricted shell access
  • Environments with SELinux enforcing mode
  • Rootless container environments
  • Any execution environment with permission restrictions

@alisonlhart alisonlhart merged commit 044f431 into main Dec 3, 2025
24 of 26 checks passed
@alisonlhart alisonlhart deleted the fix/shell-list-failure branch December 3, 2025 19:22
@github-project-automation github-project-automation bot moved this from Review to Done in 🧰 devtools project board Dec 3, 2025
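
The shell-free pattern described in this pull request, as an added example (not code from ansible-navigator or from this PR): the command runs from an argument list with shell=False, and the COLLECTIONS_PATHS line is picked out in Python instead of through a grep pipe. The function names, the sample dump text and its `KEY(origin) = value` line format are assumptions made for illustration.

```python
import ast
import subprocess
import sys

# Constructed sample of `ansible-config dump` output (assumed line format).
SAMPLE_DUMP = (
    "CACHE_PLUGIN(default) = memory\n"
    "COLLECTIONS_PATHS(default) = ['/home/runner/.ansible/collections', "
    "'/usr/share/ansible/collections']\n"
)


def run_command(argv):
    """Execute argv directly, without /bin/sh. Returns (stdout, error)."""
    try:
        proc = subprocess.run(argv, shell=False, capture_output=True,
                              text=True, check=True)
    except PermissionError as exc:      # exec blocked by SELinux, seccomp, ...
        return None, f"permission denied executing {argv[0]!r}: {exc}"
    except FileNotFoundError as exc:    # binary missing from the image
        return None, f"command not found {argv[0]!r}: {exc}"
    except subprocess.CalledProcessError as exc:
        return None, f"{argv[0]!r} exited {exc.returncode}: {exc.stderr.strip()}"
    return proc.stdout, None


def collections_paths(dump_text):
    """Python-native replacement for `| grep COLLECTIONS_PATHS`."""
    for line in dump_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or not key.strip().startswith("COLLECTIONS_PATHS"):
            continue
        try:
            paths = ast.literal_eval(value.strip())  # literals only, no eval()
        except (ValueError, SyntaxError):
            return None, f"unparsable COLLECTIONS_PATHS value: {value.strip()!r}"
        if not isinstance(paths, list):
            return None, f"expected a list, got {type(paths).__name__}"
        return paths, None
    return None, "COLLECTIONS_PATHS not found in dump output"


if __name__ == "__main__":
    # A child Python process stands in for ansible-config so this runs offline.
    emit = [sys.executable, "-c", "import sys; print(sys.argv[1])", SAMPLE_DUMP]
    stdout, error = run_command(emit)
    print(collections_paths(stdout) if error is None else error)
    # Without a shell, "|" and "grep" are plain arguments, not a pipeline.
    echo = [sys.executable, "-c", "import sys; print(sys.argv[1:])", "|", "grep"]
    print(run_command(echo)[0])
```

Because no shell parses the command line, metacharacters in arguments are never interpreted, so the same change that avoids the /bin/sh dependency also removes a command-injection surface.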
Successfully merging this pull request may close these issues.

Unable to see collections in container
