feat(security): harden runtime config, IPC ingress policy, and python artifact provenance #12

Merged
simonhagger merged 9 commits into main from chore/sprint4-security-runtime-hardening
Feb 14, 2026


@simonhagger simonhagger commented Feb 14, 2026

Summary

  • Centralized privileged file-ingress policy and one-time token consumption in desktop main IPC.
  • Added normalized unhandled IPC error envelope behavior for safer renderer/preload error handling.
  • Added packaged runtime config loading (runtime-config.json / runtime-config.env) with strict allowlisted keys.
  • Added generic runtime config examples (no real tenant values) and sanitized contract fixture values.
  • Pinned Python runtime artifact source and hardened bundle assertion checks.

Why

  • Reduce sensitive/privileged file-surface drift across handlers.
  • Keep packaged configuration user-editable without requiring CLI env setup.
  • Improve deterministic Python runtime provenance and packaging safety.
  • Remove tenant-specific values from tracked test fixtures/examples.

Validation

  • pnpm nx run contracts:test
  • pnpm nx run desktop-main:test
  • pnpm nx run desktop-main:build
  • Manual smoke (user): packaged staging build confirms bundled Python runtime + PyMuPDF and PDF inspect flow.

Engineering Checklist

  • Conventional Commit title used
  • Unit/integration tests added or updated
  • A11y impact reviewed
  • I18n impact reviewed
  • IPC contract changes documented
  • ADR added/updated for architecture-level decisions

Security (Required For Sensitive Changes)

  • Security review completed

  • Threat model updated or N/A explained

  • Confirmed no secrets/sensitive data present in committed files

Security Notes

  • Threat model update: N/A for this slice.
  • Rationale:
    • No new external trust boundary introduced.
    • Privileged file ingress is now governed by centralized policy checks.
    • Runtime config loader is allowlist-only and does not execute code.
    • Python runtime artifact source is pinned and verified.

@simonhagger simonhagger marked this pull request as ready for review February 14, 2026 10:02
@simonhagger simonhagger merged commit f75333e into main Feb 14, 2026
15 checks passed
@simonhagger simonhagger deleted the chore/sprint4-security-runtime-hardening branch February 14, 2026 10:02
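
The allowlist-only loading of `runtime-config.json` / `runtime-config.env` described in the summary above, sketched as an added example that is not code from this pull request or its repository. The key names, validators and sample file contents are assumptions constructed for illustration.

```javascript
// Added illustration, not the project's code. Key names below are assumed.
// A Map is used so keys like "constructor" cannot match inherited properties.
const ALLOWED_KEYS = new Map([
  ["API_BASE_URL", (v) => /^https:\/\/\S+$/.test(v)],
  ["LOG_LEVEL", (v) => ["debug", "info", "warn", "error"].includes(v)],
  ["REQUEST_TIMEOUT_MS", (v) => /^\d{1,6}$/.test(v)],
]);

// runtime-config.env: KEY=VALUE lines, split as text and never evaluated.
function parseEnvText(text) {
  const pairs = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) pairs.push([line, undefined]); // malformed, rejected later
    else pairs.push([line.slice(0, eq).trim(), line.slice(eq + 1).trim()]);
  }
  return pairs;
}

// runtime-config.json: data only, must be a flat JSON object.
function parseJsonText(text) {
  const doc = JSON.parse(text);
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    throw new TypeError("runtime config must be a JSON object");
  }
  return Object.entries(doc);
}

// Keep only allowlisted keys whose values validate; report the rest.
function applyAllowlist(pairs) {
  const config = Object.create(null); // no prototype to pollute
  const rejected = [];
  for (const [key, value] of pairs) {
    const validate = ALLOWED_KEYS.get(key);
    const scalar = typeof value === "string" || typeof value === "number";
    if (!validate) rejected.push({ key, reason: "unknown key" });
    else if (!scalar || !validate(String(value))) rejected.push({ key, reason: "invalid value" });
    else config[key] = String(value);
  }
  return { config, rejected };
}

// Constructed sample inputs.
const SAMPLE_JSON = '{"API_BASE_URL":"https://api.example.test","LOG_LEVEL":"verbose",' +
  '"NODE_OPTIONS":"--max-old-space-size=4096","__proto__":{"polluted":true}}';
const SAMPLE_ENV = "# sample\nLOG_LEVEL=warn\nREQUEST_TIMEOUT_MS=5000\n" +
  "API_BASE_URL=http://insecure.example.test\nnot a pair\n";
console.log(applyAllowlist(parseJsonText(SAMPLE_JSON)));
console.log(applyAllowlist(parseEnvText(SAMPLE_ENV)));
```

Rejected entries are returned rather than thrown so the caller can log which keys in a user-edited file were ignored without failing startup.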