[WIP] feat: Execution policy engine (per-command rules)

[quangdang46]

Gap #14 — High

Per-command allow/deny/prompt policy engine with project-level rules files.

Source: codex

What's needed:

• Rules defined per-program with prefix matching and pattern tokens
• Three decisions: Allow, Forbidden, Prompt
• Network rules with protocol-level granularity
• Rules loaded from .rules files in a rules directory
• Policy overlay/merge (user + project + admin)
• BANNED_PREFIX_SUGGESTIONS for dangerous commands

Reference: codex codex-rs/execpolicy/