feat(runtime): add hot-reloadable guardrails and model diagnostics

Introduce a runtime settings layer that hydrates persisted config at startup
and reapplies aliases, payload rules, cache behavior, CLI compatibility,
usage tuning, and related switches when settings change or SQLite updates.

Replace the legacy prompt injection middleware path with a guardrail
registry that supports prompt injection detection, PII masking, disabled
guardrail overrides, and post-call response handling across the chat
pipeline.

Add a metadata registry for model catalog and alias resolution so catalog
endpoints return enriched capabilities plus diagnostic headers and typed
alias errors instead of ad hoc responses.

Convert unsupported built-in web_search tools into an OmniRoute fallback
tool, execute them through builtin skills, and preserve Responses API
function call output with sanitized usage fields.

Centralize provider header fingerprints for GitHub, Cursor, Qwen, Qoder,
Kiro, and Antigravity, and migrate management passwords from env or
plaintext storage into persisted bcrypt hashes during startup and login.

tests/unit/qoder-executor.test.ts

@@ -173,6 +173,8 @@ test("QoderExecutor: non-stream calls target DashScope and map alias models", as
     assert.equal(options.method, "POST");
     assert.equal(options.headers.Authorization, "Bearer pat_test");
     assert.equal(options.headers["x-dashscope-authtype"], "qwen-oauth");
+    assert.equal(options.headers["user-agent"], "QwenCode/0.11.1 (linux; x64)");
+    assert.equal(options.headers["x-dashscope-useragent"], "QwenCode/0.11.1 (linux; x64)");
     const parsedBody = JSON.parse(String(options.body));
     assert.equal(parsedBody.model, "coder-model");
     return new Response(