fix: use text blocks in recall follow-up to prevent tool leaking to client

[BYK]

Summary

• Fixes "model called invalid tool: recall" on the client side. PR fix: keep recall tool in follow-up request to prevent API rejection #330 kept recall in the follow-up tools list, which allowed the model to call it again. The follow-up response is piped raw (no RecallAwareAccumulator), so a second recall tool_use leaked through to OpenCode, which rejected it as an unknown tool.
• Replaces tool_use/tool_result with plain text in follow-up messages. The assistant message gets a marker text (📚 Searching...) instead of the raw tool_use block, and the user message gets recall results as plain text instead of tool_result. This allows stripping recall from the tools list without violating the API constraint that tool_use must reference a defined tool.
• Adds defense-in-depth recall suppression to both streaming and non-streaming follow-up response paths, so even if recall somehow appears in the continuation it gets stripped before reaching the client.

Root cause

The recall follow-up has a 3-way constraint:

1. Can't keep recall in tools → model calls it again, follow-up is piped raw, tool_use leaks to client
2. Can't strip recall from tools while keeping tool_use in messages → API rejects (tool_use references undefined tool)
3. Solution: use plain text blocks instead of tool_use/tool_result → no tool reference constraint, recall stripped from tools

Files changed

File	Change
packages/gateway/src/recall.ts	Rewrite buildRecallFollowUp() to use text blocks instead of tool_use/tool_result, strip recall from tools
packages/gateway/src/pipeline.ts	Add defense-in-depth recall suppression in streaming + non-streaming follow-up paths
packages/gateway/test/recall.test.ts	Update all buildRecallFollowUp test assertions for text block format, add empty-result test