Security hardening for browser boundary, SSRF, FS bridge, profile isolation, exports, and tokens#2

Merged
openwong2kim merged 7 commits intoopenwong2kim:mainfrom
Zurgli:security-remediation-upstream-v2
Apr 1, 2026

Conversation

@Zurgli (Contributor) commented Apr 1, 2026

This PR resubmits the previously reviewed security hardening changes with the corrected commit identity.

It includes the same reviewed scope:

  • Browser boundary hardening
  • SSRF enforcement at the resolved-address boundary
  • Filesystem bridge hardening
  • Browser profile isolation
  • Export path restrictions
  • Token hardening

It also includes the requested follow-up fixes from review:

  • Handle IPv6-mapped IPv4 addresses in SSRF validation
  • Fail closed on Windows ACL hardening errors for token files
  • Test coverage for both follow-up fixes

Validation run:

  • Focused Vitest suite for the review-fix coverage passed
  • TypeScript --noEmit passed
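As an added illustration of two items in the scope above, "SSRF enforcement at the resolved-address boundary" and "Handle IPv6-mapped IPv4 addresses in SSRF validation", here is a TypeScript check that validates the addresses a hostname actually resolved to rather than the hostname string, and that normalises IPv6-mapped IPv4 forms such as ::ffff:10.0.0.1 (and the hex form ::ffff:a00:1) before applying a private-range blocklist. This is example code written for this page, not code from the PR or the project; the function names, the blocklist contents and the sample resolved addresses are assumptions constructed for the illustration.

```typescript
// Added example (not the project's code). Names below are assumptions for this
// illustration, not identifiers from the PR.

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function parseIPv4(s: string): number | null {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n >>> 0;
}

// IPv6 literal -> eight 16-bit groups, or null if malformed.
// Expands "::" and rewrites a trailing dotted IPv4 (::ffff:10.0.0.1) into two hex groups.
function parseIPv6(s: string): number[] | null {
  let text = s.toLowerCase();
  const lastColon = text.lastIndexOf(":");
  const tail = text.slice(lastColon + 1);
  if (tail.includes(".")) {
    const v4 = parseIPv4(tail);
    if (v4 === null) return null;
    text = `${text.slice(0, lastColon + 1)}${(v4 >>> 16).toString(16)}:${(v4 & 0xffff).toString(16)}`;
  }
  const halves = text.split("::");
  if (halves.length > 2) return null;
  const toGroups = (h: string): string[] => (h === "" ? [] : h.split(":"));
  const left = toGroups(halves[0]);
  const right = halves.length === 2 ? toGroups(halves[1]) : [];
  const missing = 8 - left.length - right.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...left, ...new Array<string>(missing).fill("0"), ...right];
  const out: number[] = [];
  for (const g of groups) {
    if (!/^[0-9a-f]{1,4}$/.test(g)) return null;
    out.push(parseInt(g, 16));
  }
  return out;
}

// If the groups are an IPv6-mapped IPv4 address (::ffff:x.x.x.x), return the embedded IPv4.
function mappedIPv4(groups: number[]): number | null {
  if (!groups.slice(0, 5).every((g) => g === 0) || groups[5] !== 0xffff) return null;
  return ((groups[6] << 16) | groups[7]) >>> 0;
}

// Constructed blocklist: loopback, RFC 1918, CGNAT, link-local (incl. cloud metadata),
// "this network", and multicast/reserved space. Adjust to the deployment's policy.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
];

function inCidr4(ip: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === (((parseIPv4(base) as number) & mask) >>> 0);
}

// True if the literal must not be contacted. Unparseable input fails closed.
function isBlockedAddress(addr: string): boolean {
  const v4 = parseIPv4(addr);
  if (v4 !== null) return BLOCKED_V4.some(([b, bits]) => inCidr4(v4, b, bits));
  const groups = parseIPv6(addr);
  if (groups === null) return true;
  const mapped = mappedIPv4(groups);
  if (mapped !== null) return BLOCKED_V4.some(([b, bits]) => inCidr4(mapped, b, bits));
  if (groups.every((g) => g === 0)) return true;                                  // ::
  if (groups.slice(0, 7).every((g) => g === 0) && groups[7] === 1) return true;   // ::1
  if ((groups[0] & 0xfe00) === 0xfc00) return true;                               // fc00::/7 ULA
  if ((groups[0] & 0xffc0) === 0xfe80) return true;                               // fe80::/10 link-local
  return false;
}

// The resolved-address boundary: the caller resolves `host` (e.g. dns.lookup with
// all: true) and passes every answer here; any single blocked answer rejects the target.
function checkResolvedTarget(host: string, resolved: string[]): { allowed: boolean; reason: string } {
  if (resolved.length === 0) return { allowed: false, reason: `${host}: no addresses resolved` };
  for (const a of resolved) {
    if (isBlockedAddress(a)) return { allowed: false, reason: `${host} resolves to blocked address ${a}` };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample answer set: a public A record plus a mapped-IPv4 loopback AAAA record.
console.log(checkResolvedTarget("example.test", ["93.184.216.34", "::ffff:127.0.0.1"]));
```

Two points the check depends on: the connection must be made to the address that was just validated (dial the vetted IP and set the Host header), not by resolving the hostname a second time, otherwise a DNS answer that changes between check and connect bypasses the guard; and every answer is inspected, because a mixed A/AAAA answer with one internal entry is still internal.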

@openwong2kim openwong2kim merged commit ee9a4a1 into openwong2kim:main Apr 1, 2026
1 check passed
@openwong2kim (Owner) commented

Merged! Thanks for resubmitting with the corrected identity, @Zurgli. All six security hardening changes are now in main. Really appreciate your thorough work on this — looking forward to future contributions! 🎉

@openwong2kim (Owner) commented

Hey @Zurgli — great to see this resubmitted cleanly!

One follow-up: during the original review, you mentioned the daemon persistence/recovery code (~870 lines) would be submitted as a separate PR. Would love to see that come through when you have a chance — it sounds like a solid addition and I'd like to give it a proper review on its own.

No rush, but wanted to make sure it didn't fall through the cracks. Thanks again for all the work on this!

@Zurgli (Contributor, Author) commented Apr 4, 2026

Good call - it did fall through. Re-opened after splitting out that feature!
