fix: harden agent security checks

[ManeeshJupalle]

Summary

• Fix local permission gating so it only applies to local computer/browser operators
• Harden Electron IPC and window settings by validating route channels, parsing IPC schemas at runtime, and keeping web security enabled
• Replace unsafe workspace path prefix checks with boundary-safe path containment checks
• Make local browser web-security disabling explicit opt-in and register default hardening hooks in agent-server-next
• Remove an unused broken pkce-challenge patch file

Validation

• Ran git diff --check
• Confirmed the previously vulnerable source patterns no longer appear in the touched code
• Package tests were not run because workspace dependencies were unavailable locally

[netlify]

✅ Deploy Preview for agent-tars-docs ready!

Name	Link
🔨 Latest commit	aa3d064
🔍 Latest deploy log	https://app.netlify.com/projects/agent-tars-docs/deploys/6a15227f4efefd000803854b
😎 Deploy Preview	https://deploy-preview-1906--agent-tars-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for tarko ready!

Name	Link
🔨 Latest commit	aa3d064
🔍 Latest deploy log	https://app.netlify.com/projects/tarko/deploys/6a15227fa73f360008726111
😎 Deploy Preview	https://deploy-preview-1906--tarko.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[CLAassistant]

All committers have signed the CLA.