refactor: delegate filesystem enforcement to sandbox extension

[kostyay]

• Remove 100+ lines of destructive command pattern matching logic from plan-ask extension; filesystem enforcement now delegated to sandbox via event-based communication
• Add readonly event emitted on pi.events to signal read-only mode to sandbox extension, which dynamically reconfigures filesystem restrictions
• Simplify plan-ask to only manage tool restrictions (edit/write removal) and system prompts; emit readonly events when entering/exiting restricted modes
• Add user notification in plan-ask if sandbox extension is not loaded to inform that filesystem write enforcement is inactive
• Update sandbox extension to listen for readonly events and toggle filesystem write permissions dynamically, with acknowledgment mechanism
• Display [READONLY] indicator in sandbox status when filesystem is restricted
• Add sandbox status display on line 3 of status bar (shown only when sandbox extension is active)
• Add status bar documentation noting sandbox status appears on dedicated line 3