feat(mcp): add local approval queue for actions

[JSONbored]

Summary

• add a Nightward-owned approval queue for MCP action requests
• add local CLI/TUI/Raycast approval surfaces for exact one-time tickets
• update docs, site copy, references, and TUI media for the secure MCP write flow

What changed

• legacy direct nightward_action_apply remains blocked for MCP clients
• new MCP request/status/apply-approved flow binds applies to exact preview digests
• approval records are bounded, private, audited, TTL-cleaned, and symlink-hardened
• CLI approvals commands, TUI approvals view, and Raycast approvals command were added
• docs/site/reference copy now distinguishes read-only MCP tools, approval-state writes, and approved action applies

Why

• MCP should let AI clients interact with Nightward, but write-capable actions need Nightward-owned local approval rather than caller-supplied confirmation

Validation

• CodeRabbit review run repeatedly; all findings from completed reviews were fixed. Final rerun was rate-limited by the service after fixes.
• Codex Security scan artifact: /tmp/codex-security-scans/nightward/e4a506e915a1_20260506T111949Z/report.md with no findings
• make verify
• make test-security
• make fuzz-check (skipped because cargo-fuzz is not installed)
• make tui-media
• make docs-qa site-verify
• git diff --check
• MCP repro: legacy nightward_action_apply returns isError: true
• MCP repro: nightward_action_request rejects caller-supplied confirm

Notes

• The commit is unsigned because the configured local SSH signing private key is missing (/Users/shadowbook/.ssh/github-commit-ghost.pub has no matching private key).