feat: add safe NATS/JetStream ops service surface

[rodaddy]

Goal

Add or refine a safe NATS/JetStream mcp2cli ops surface for fleet event/status inspection and approved dev publishing.

Context

mcp2cli already has issue #18 for NATS/JetStream mode for MCP tool requests and receipts. This issue is narrower: give agents a safe operational interface for inspecting NATS/JetStream state and publishing only to approved development/status subjects.

Work

• Decide whether this is a child of feat: add NATS/JetStream mode for MCP tool requests and receipts #18 or a separate service surface.
• Provide read-only tools first:
  • connection/status check;
  • server info;
  • stream list/info;
  • consumer list/info;
  • subject sample with bounded limits.
• Add gated publish only for approved dev/test/status subjects.
• Document subject conventions for agent/fleet events.
• Fail closed on missing credentials, unknown subjects, or production publish without explicit approval.
• Ensure secrets come from existing mcp2cli/Vaultwarden patterns.

Acceptance Criteria

• The issue links to or updates feat: add NATS/JetStream mode for MCP tool requests and receipts #18 to avoid duplicate NATS direction.
• Agents can inspect NATS health and stream metadata without SSH.
• Any publish tool is deny-by-default and limited to approved subjects.
• No credentials or message payload secrets are logged.
• Docs explain when NATS is the right layer versus MonkeyProof/A2A/Herdr.

[rodaddy]

Part of the Herdr-controlled remote worker orchestration epic:

• rodaddy/rtech-infra#133

This work should feed the PRD/implementation plan there and be coordinated from a Herdr controller session.