Add context hardening: trim, allow/deny regex, and onContextOverflow handling

[PredictabilityAtScale]

Motivation

• Provide per-input runtime hardening for context variables to reduce prompt-injection and oversize issues.
• Allow callers to transform oversized context values before rendering via a callback so large inputs can be summarized/redacted.

Description

• Add trim, allow_regex, and deny_regex to the context input schema and expose them through ContextInputDefinition, normalizeContextInput, and Zod ContextInputDefinitionObjectSchema.
• Implement sanitizeContextVariables(...) in src/context.ts to run onContextOverflow callbacks, trim values to max_size, and enforce allow_regex / deny_regex, and integrate it into PromptOpsKit.renderPrompt and provider input handling so sanitized variables are used for rendering.
• Add new error/warning codes and static checks in validation: POK013 for invalid regex, POK014 when trim is set without max_size, and runtime errors POK031/POK032 for allow/deny failures; keep POK030 for size warnings.
• Update public APIs and types to accept an optional onContextOverflow callback in RenderPromptOptions and RuntimeRenderOptions, and update docs, README, website, and examples to document the new controls.
• Add unit tests covering trimming behavior, explicit non-trimming, allowlist/blocklist validation, invalid regex validation, trim-without-size warning, and onContextOverflow callback integration.

Testing

• Ran the unit test suite (npm test) including updated tests/runtime-context-placeholders.test.ts and tests/validation.test.ts which exercise trimming, regex validation, overflow callback, and validation warnings/errors, and all tests passed.

---

Codex Task