fix: unify importUrl reload/cache and management import hardening

[rodaddy]

Found during the Herdr landed-PR review swarm for PR #41.

Problem

The importUrl implementation is hardened in the startup loader path, but reload,
file-watch, and management import paths appear to bypass parts of that hardened
path. Cache placement and watcher lifecycle also need production hardening.

Evidence from the reviewed head:

• src/daemon/config-manager.ts:111 uses raw ServicesConfigSchema.safeParse()
  instead of the import-aware loader.
• src/daemon/file-watch.ts:42 feeds that reload path, while
  src/config/loader.ts:82 is where importUrl merging happens on startup.
• src/daemon/server.ts:589 and src/daemon/server.ts:599 expose
  /api/services/import.
• src/daemon/config-manager.ts:144 performs raw fetch behavior instead of
  sharing the same URL/fetch policy as the hardened loader path around
  src/config/loader.ts:138 and src/config/loader.ts:171.
• src/config/loader.ts:127, src/config/loader.ts:282, and
  src/config/loader.ts:299 persist imported registry cache content beside the
  config path without enough evidence of sanitization, restrictive mode, or a
  dedicated mcp2cli cache directory.
• src/daemon/file-watch.ts:80 appears to handle setup failure only, not
  runtime watcher error/close/invalidation.

Acceptance criteria

• Daemon reload/file-watch uses the same import-aware loader semantics as
  startup.
• Reload preserves importUrl services after config changes.
• /api/services/import uses the same validated URL and fetch policy as the
  startup import path.
• importUrl cache filenames/paths are sanitized, written with restrictive mode,
  and placed under an mcp2cli-controlled cache directory.
• Watcher runtime error/close/invalidation behavior is tested.
• Relevant typecheck/test command is run and recorded in the fixing PR.