fix: harden split planning flow and sanitize polluted outputs #35

Open
Boulea7 wants to merge 1 commit into GuDaStudio:main from Boulea7:codex/search-planning-compat-and-output-cleanup

Boulea7 commented Mar 16, 2026

Summary

This PR keeps the current split planning design intact and avoids reintroducing a single search_planning MCP tool.

Main branch history shows that search_planning was intentionally split into the 6 scalar plan_* tools in v1.8.0 for downstream client compatibility, so this patch focuses on minimal hardening of the current design instead of reversing it.

What changed

  • Harden the existing split planning flow:
    • enforce phase order inside PlanningEngine.process_phase
    • block later phases when planning is already complete for level=1 / level=2
    • add a lightweight reset() helper for isolated tests
  • Improve session_id failure feedback in the existing plan_* tools:
    • return structured JSON errors with expected_phase_order
    • include restart_from_intent_analysis=true
  • Sanitize polluted web_search outputs without changing the provider flow:
    • strip leaked <think> blocks
    • strip refusal / prompt-injection policy prefixes and suffixes when they are clearly model noise
    • keep the cleanup conservative and opt-outable through GROK_OUTPUT_CLEANUP / GROK_FILTER_THINK_TAGS
  • Add .gitignore for local secrets / caches / logs
  • Add targeted tests for planning hardening and output cleanup

Why this scope

I intentionally did not:

  • reintroduce the old single-entry search_planning tool
  • rewrite the planning engine
  • rewrite the Grok provider or the search prompt architecture
  • modify README.md / docs/README_EN.md

This keeps the PR aligned with the current main-branch direction and reduces review risk.

Test Report

Automated

  • python3 -m py_compile src/grok_search/*.py src/grok_search/providers/*.py tests/*.py
    • PASS
  • uv run --directory /Users/jialinli/GrokSearch --with pytest --with pytest-asyncio pytest -q
    • PASS (9 passed)

Manual

  • Verified the current split planning flow still works for a normal level-1 sequence:
    • plan_intent -> plan_complexity -> plan_sub_query
    • PASS
  • Verified out-of-order phase usage is now rejected deterministically:
    • calling plan_sub_query before plan_complexity now returns a structured error with expected_phase_order
    • PASS
  • Verified a real web_search("What is OpenAI? Please answer concisely.", extra_sources=20) run against a live Grok/Tavily/Firecrawl setup:
    • returned a clean answer preview without leaked <think> or refusal prefixes
    • PASS

Safety / Privacy

  • git diff --check
    • PASS
  • repository scan for obvious secrets / local endpoints / private tokens in tracked files
    • PASS
  • no real API keys, private tokens, or local-only endpoints are included in the patch
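
An added illustration of the conservative `web_search` output cleanup this PR description outlines; it is not code from the PR or from the GrokSearch project. The environment variable names come from the PR text, while their off-values, the refusal phrases and every function name are assumptions made for the example.

```python
import os
import re

# Assumption: cleanup stays on unless the variable is set to one of these values.
OFF_VALUES = {"0", "false", "no", "off"}
THINK_BLOCK = re.compile(r"<think\b[^>]*>.*?</think\s*>", re.DOTALL | re.IGNORECASE)
THINK_OPEN = re.compile(r"<think\b[^>]*>", re.IGNORECASE)
# Constructed sample phrases; tune these to the model noise actually observed.
REFUSAL_LEAD = re.compile(
    r"^(i('m| am) sorry|i can(no|')t (comply|follow|help)|i (will|must) (ignore|decline))",
    re.IGNORECASE,
)

def enabled(name, env):
    return env.get(name, "1").strip().lower() not in OFF_VALUES

def strip_think(text):
    """Remove closed <think> blocks; cut an unclosed one only if an answer precedes it."""
    text = THINK_BLOCK.sub("", text)
    m = THINK_OPEN.search(text)
    if m and text[:m.start()].strip():
        text = text[:m.start()]
    return text.strip()

def strip_refusal_prefix(text):
    """Drop a leading refusal paragraph only when a real answer follows it."""
    paras = [p for p in re.split(r"\n\s*\n", text) if p.strip()]
    if len(paras) > 1 and REFUSAL_LEAD.match(paras[0].strip()):
        return "\n\n".join(paras[1:]).strip()
    return text

def clean_output(text, env=os.environ):
    if not enabled("GROK_OUTPUT_CLEANUP", env):
        return text  # global opt-out: pass provider output through untouched
    cleaned = text
    if enabled("GROK_FILTER_THINK_TAGS", env):
        cleaned = strip_think(cleaned)
    cleaned = strip_refusal_prefix(cleaned)
    # Choice made in this example: cleanup never turns an answer into an empty string.
    return cleaned if cleaned.strip() else text
```

A response that consists only of a refusal is left unchanged, so the caller still sees that the provider declined rather than receiving an empty result.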


Boulea7 commented Mar 16, 2026

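  • Strengthen ordering and session validation in the plan_* flow
  • Lightweight cleanup of polluted web_search output
  • Add tests and security ignore rules, with detailed improvements for some of the issues raised on the L site (L站)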

konbakuyomu pushed a commit to konbakuyomu/GrokSearch that referenced this pull request Mar 17, 2026
…guards

- Rename package from grok_search to smart_search (src layout)
- Add Exa neural search integration (exa_search, exa_find_similar)
- Add 6-phase search planning engine with phase ordering guards
- Add output sanitization (strip <think> tags and refusal prefixes)
- Add Tavily/Firecrawl integration for web_fetch and web_map
- Add structured session-not-found errors for planning tools
- Add search prompt hardening against prompt injection

konbakuyomu pushed a commit to konbakuyomu/GrokSearch that referenced this pull request Mar 17, 2026
- Add planning phase guards and output sanitization to feature list
- Add GROK_OUTPUT_CLEANUP env var documentation
- Update architecture diagram with planning.py and sources.py
- Add acknowledgements section crediting upstream grok-search and PR GuDaStudio#35 author
- Sync English README with new features and credits