If it's possible to check, we should add a security overview report item that reports on shell_exec:

• If disabled (shell_exec=f), pass the test.
• If enabled (shell_exec=t), fail the test - this means external commands can be run.
• If in restricted mode (shell_exec=p), we need to decide what to do. This allows a restricted set of commands to be run, potentially we should return a warning to check that the allowed commands are safe for all users to have access to.

We should also do some analysis on whether there's any other LaTeX config options that are worth us checking and reporting on here.