feat: add tool allow/deny profiles with per-agent and per-provider filtering

Implements configurable tool filtering with four built-in profiles
(minimal, messaging, coding, full), global and per-agent/per-provider
allow/deny lists with glob pattern support, and defense-in-depth
enforcement at both tool listing and execution time.

New: src/tools/policy.ts (ToolPolicy engine), src/tools/policy.test.ts (37 tests)
Modified: config schema, tool registry, tool executor, NativeAgent,
AgentOrchestrator, daemon wiring, gateway tool handler, test mocks

src/gateway/handlers/tools.ts

@@ -11,7 +11,8 @@ export interface ToolHandlerDeps {
 export function createToolHandlers(deps: ToolHandlerDeps) {
   return {
     'tools.list': async (request: GatewayRequest): Promise<OutboundMessage> => {
-      const tools = deps.toolRegistry.list().map(t => ({
+      // Use filteredList to respect tool policy (gateway context has no agent/provider)
+      const tools = deps.toolRegistry.filteredList().map(t => ({
         name: t.name,
         description: t.description,
         inputSchema: t.inputSchema,
@@ -30,6 +31,7 @@ export function createToolHandlers(deps: ToolHandlerDeps) {
         return makeError(request.id, ErrorCode.ToolNotFound, `Tool not found: ${params.tool}`);
       }
 
+      // Pass no context — gateway uses global policy only
       const result = await deps.toolExecutor.execute(params.tool, params.args ?? {});
       return makeResponse(request.id, result);
     },