v0.51.549 — Release TH (HOTFIX: profile switching for single-user named profiles)

Release v0.51.549 — Release TH (HOTFIX: profile switching restored for single-user named profiles)

Ships #4589 (nesquena-hermes) — high-severity profile-isolation regression hotfix (#4586). Independently agent-reviewed; deep-gated here with two additional isolation-escape fixes applied during review.

Fixed

• Profile switching works again for normal single-user named profiles (#4586). Isolated single-profile mode is no longer inferred from the HERMES_HOME path shape — it now requires an explicit HERMES_WEBUI_ISOLATED_PROFILE opt-in. The opt-in is also protected from being overridden by a profile's own .env (live-env + runtime/background-worker paths). Thanks @nesquena-hermes.

Gate + hardening (applied during review)

• Full pytest suite: 9911 passed, 0 failed (incl. #4586 regression tests + #2698 legitimate-isolation-preserved + 2 new escape-path regression tests)
• Codex: SAFE TO SHIP (final re-confirm — no remaining escape path); Opus: SAFE
• 🔴 Isolation-escape via profile .env (door 1) fixed: _reload_dotenv() refuses to copy HERMES_WEBUI_ISOLATED_PROFILE from a profile .env (_PROTECTED_ENV_KEYS).
• 🔴 Isolation-escape via runtime-env path (door 2) fixed: get_profile_runtime_env() also strips it, and HERMES_WEBUI_ISOLATED_PROFILE is added to _BLOCKED_RUNTIME_ENV_KEYS (gateway-parity filter). Without these, a contained user could set =0 in their own profile .env and escape isolation.

Both directions verified: regression fixed (normal named profile = full switching) AND legitimate operator isolation still enforced.

Closes #4586.