[codex] Harden runtime safety #17

Draft
MiniAngerAnger wants to merge 3 commits into sightflow-dev:main from MiniAngerAnger:codex/harden-runtime-safety

Conversation

MiniAngerAnger commented Jun 1, 2026

Summary

This PR tightens runtime safety and dependency hygiene without expanding product scope.

  • lock local skill start/pause endpoints behind a token and loopback Host validation
  • disable custom Provider execution by default, verify installed bundle hashes, and run custom Providers in an Electron utility process with a timeout
  • change RPA reply delivery to draft-by-default so generated replies are pasted but not sent automatically
  • restrict preload IPC channels and enable safer BrowserWindow defaults
  • enforce Provider manifest/entry URL protocol boundaries so remote HTTPS manifests cannot point at local file entries
  • align the built-in Ark model defaults on doubao-seed-2-0-lite-260428
  • make the built-in Provider honor configured baseURL and add a 30s API timeout
  • clean up TypeScript/lint issues and add focused safety-policy tests
  • resolve dependency audit findings and native install/rebuild drift

Why

The desktop agent has high-privilege local capabilities: it can read screenshots, control keyboard/mouse, use clipboard, and execute Provider JS locally. These changes reduce accidental message sends, local HTTP misuse, Provider tampering, renderer/main-process exposure, remote Provider manifest abuse, and model/API configuration drift.

Validation

  • `npm run test:safety`: 5 passed / 0 failed / 0 skipped
  • `npm run typecheck`: passed
  • `npm run lint`: passed
  • `npm run build`: passed, with one existing non-blocking Vite chunk warning
  • `npm audit`: 0 vulnerabilities
  • `git diff --check`: passed

Notes

Custom Providers are still not a full OS-level sandbox. This PR reduces the blast radius by moving non-built-in Provider execution out of the main process, requiring explicit enablement with `SIGHTFLOW_ALLOW_CUSTOM_PROVIDER_CODE=1`, and blocking tampered or cross-protocol Provider entry bundles.
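The loopback Host validation and token gate for the local skill endpoints, and the manifest/entry URL protocol boundary, as an added TypeScript example that is not part of this PR or of the sightflow code base. The function names, the request shape, the bearer-token header format and the assumption that the local listener binds a single known port are all illustrative choices, not the project's API; the policy mirrors what the PR summary describes (loopback-only Host, per-session token, HTTPS manifests may not name file entries).

```typescript
import { timingSafeEqual } from "node:crypto";

// Added example, not project code. Hostnames a local-only listener accepts in
// the Host header; any other Host on a 127.0.0.1-bound socket indicates a
// DNS-rebinding or proxied request and is rejected.
const LOOPBACK_HOSTNAMES = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Parse a URL, returning null instead of throwing on malformed input.
function tryParseUrl(input: string, base?: string): URL | null {
  try {
    return new URL(input, base);
  } catch {
    return null;
  }
}

// True when the Host header names a loopback hostname on the expected port.
// The "http://" prefix only makes the header parseable; WHATWG URL parsing
// normalises "[::1]:8765", "localhost:8765" and bare hosts uniformly.
function isLoopbackHost(hostHeader: string | undefined, port: number): boolean {
  if (!hostHeader) return false;
  const parsed = tryParseUrl(`http://${hostHeader}`);
  if (parsed === null) return false;
  const hostPort = parsed.port === "" ? 80 : Number(parsed.port);
  return LOOPBACK_HOSTNAMES.has(parsed.hostname) && hostPort === port;
}

// Constant-time comparison of the presented token against the expected one,
// so a partially correct guess is not distinguishable by response timing.
function tokenMatches(presented: string | undefined, expected: string): boolean {
  if (presented === undefined) return false;
  const a = new TextEncoder().encode(presented);
  const b = new TextEncoder().encode(expected);
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Minimal view of an incoming request (assumed shape, not the project's type).
interface LocalRequest {
  host?: string;
  authorization?: string;
  path: string;
}

type Verdict = "ok" | "bad-host" | "bad-token";

// Gate for the local skill start/pause endpoints: Host must be loopback on the
// listener's own port, and the caller must present the per-session bearer
// token. Host is checked first so token probing from a non-loopback origin
// never reaches the comparison.
function authorizeLocalRequest(req: LocalRequest, port: number, token: string): Verdict {
  if (!isLoopbackHost(req.host, port)) return "bad-host";
  const presented = req.authorization?.startsWith("Bearer ")
    ? req.authorization.slice("Bearer ".length)
    : undefined;
  if (!tokenMatches(presented, token)) return "bad-token";
  return "ok";
}

// Protocol boundary between a Provider manifest and the entry bundle it names:
// a remote https manifest may only reference https entries, a local file
// manifest may only reference file entries; any other scheme pairing is
// rejected. Relative entry paths are resolved against the manifest URL first,
// so "./entry.js" inherits the manifest's scheme.
function entryUrlAllowed(manifestUrl: string, entryUrl: string): boolean {
  const manifest = tryParseUrl(manifestUrl);
  const entry = tryParseUrl(entryUrl, manifestUrl);
  if (manifest === null || entry === null) return false;
  if (manifest.protocol === "https:") return entry.protocol === "https:";
  if (manifest.protocol === "file:") return entry.protocol === "file:";
  return false;
}
```

The same pair of checks would sit in front of the HTTP handler (returning 403 on any verdict other than `"ok"`) and in the Provider installer before a bundle is fetched; the hash verification the PR also describes is a separate step that runs on the downloaded bytes once the URL has passed this boundary.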
