git: Strict verification of subcommands

When running commands via the Git DSL, we'll verify that the passed Git subcommand looks sane. This really is only a weak sanity check as we simply use a regular expression to do that verification, so it'll in fact let a lot of commands pass which aren't a proper Git command.

We nowadays have the subcommand map which already tracks most of the subcommands which we use in our codebase, so we can do a lot better than just using a weak regular expression by just using information we already got at hand. While typos in any subcommand would be easily catched by any test already, having this additional verification allows us to make sure that we never execute any Git commands for which we don't have an entry in our subcommands map. Which in turn allows us to assure that the map is in fact complete and is not missing any important subcommand flags defining its characteristics. It can also serve as a single location of truth for all commands we may run in our codebase.

So let's add the few remaining commands to that map. All of those commands are in fact modifying references and do support end-of-options, so none of them require any flags. With that, we can now enable strict verification of subcommands.