feat(browser): add interaction modes and permission rules

[Nikolatesla-lj]

Summary

• add browser interaction modes for Orca's built-in browser
• add configurable permission defaults and remembered site rules
• add human-mode permission prompts with remember support

What changed

• added browser settings fields for:
  • browserInteractionMode
  • browserPermissionDefaults
  • browserSitePermissionRules
  • browserPermissionNoticePolicy
• added a shared browser permission policy module for mode defaults, site-rule resolution, and notice filtering
• unified browser partition permission handling around the new decision engine
• added human-mode runtime prompts that can remember site-specific allow/deny rules
• added a Browser Permissions settings section for mode selection, default permission actions, and remembered rule cleanup

Why

Orca's built-in browser has been automation-first, with mostly hard-coded allow/deny behavior. That works for agents, but it is too rigid for human-in-the-loop browser testing.

This PR introduces a browser interaction model with two explicit modes:

• agent: stable, automation-safe defaults
• human: prompt-capable behavior for real browser testing flows

The result is a formal permission model instead of one-off site exceptions.

Scope

This PR intentionally does not add CLI commands. It only adds the browser permission system itself.

The follow-up CLI PR can expose these settings and site rules without re-implementing any permission logic.

Tests

• ./node_modules/.bin/vitest run src/shared/browser-permissions.test.ts src/main/browser/browser-session-registry.test.ts src/main/window/attach-main-window-services.test.ts
• ./node_modules/.bin/vitest run src/main/persistence.test.ts src/main/ipc/settings.test.ts
• ./node_modules/.bin/tsc --noEmit -p config/tsconfig.node.json --composite false
• ./node_modules/.bin/tsc --noEmit -p config/tsconfig.web.json --composite false