[codex] Move approvals into core policy modules

[roackb2]

Summary

Implements the M6/M7 approval-domain refactor.

Changes include:

• Moved remembered project approval rules from src/cli/chat/state/approval-rules.ts into src/core/approvals/remembered-rules.ts.
• Kept src/cli/chat/state/approval-rules.ts as a TUI compatibility re-export only.
• Added approval policy-chain primitives under src/core/approvals/:
  • types.ts
  • policy-chain.ts
  • default-policies.ts
  • surface.ts
• Deleted the src/core/chat/tool-approval-host.ts compatibility path; all callers now import approval surface/types directly from core/approvals.
• Updated tool-dispatch to evaluate ordered default approval policies for approval-required tools and outside-workspace inspection.
• Updated TUI remembered approval and control-plane human approval surfaces to use policy-chain primitives.
• Added unit coverage for first-decision-wins policy evaluation, default policies, remembered approvals, and human approval surface wrapping.

Impact

Approval persistence, policy decisions, and host approval surfaces now have a core domain home. Existing approval UX and trace events are preserved, while future approval policies can be added as ordered policy functions instead of being embedded in host UI code.

Validation

• yarn test:unit src/__tests__/unit/core/approval-policy-chain.test.ts
• yarn test:unit src/__tests__/unit/core/project-approval-rules.test.ts
• yarn test:unit src/__tests__/unit/tui/local-commands.test.ts
• yarn vitest run src/__tests__/integration/core/run-agent.test.ts
• yarn vitest run src/__tests__/integration/tools/tools.test.ts
• yarn eslint
• yarn typecheck
• yarn test outside the sandbox, because the full integration suite needs localhost binding and normal git identity for temp repositories