fix: raise adversarial review inline diff limits and expose overrides

[kingdoooo]

Summary

/codex:adversarial-review fails on normal-sized PRs (e.g. 10 files / 318KB) with Missing string verdict. Root cause is a contract conflict in the self-collect path:

• git.mjs:8-9 caps inline diff at 2 files / 256KB (defaults from early-2024)
• Above the cap, git.mjs:331 switches to the lightweight self-collect prompt that tells Codex "Inspect the target diff yourself with read-only git commands"
• But the same turn at codex-companion.mjs:411-412 enforces sandbox: "read-only" + outputSchema: review-output.schema.json and exposes no shell tool
• Codex tries to emit a shell-call JSON (e.g. {"cmd": "git status"}), the schema validator rejects it because verdict is missing, and the run fails

This PR makes the contradictory self-collect path rarely reachable in practice and gives users an escape hatch when they do hit it:

• Raise defaults to 50 files / 1 MB in git.mjs. A 1MB diff is roughly 250K tokens, well within current GPT-5 context, and 50 files covers the long tail of real PRs.
• Add --max-inline-files <n> and --max-inline-bytes <n> to /codex:adversarial-review. 0 forces the self-collect prompt for debugging or unusually large diffs that would blow the context window.

The deeper structural fix (multi-turn + shell tool when going self-collect, or relaxing outputSchema on that branch) is left out of scope — this PR focuses on the practical regression so the command works on normal-sized PRs again.

Out of scope

• /codex:review (native reviewer via runAppServerReview) is unaffected — different code path.
• The self-collect prompt + JSON-only output schema mismatch is preserved as a fallback. Worth a separate issue/PR if anyone hits diffs above 1MB.

Testing

node --test tests/git.test.mjs tests/runtime.test.mjs tests/commands.test.mjs

New tests:

• collectReviewContext keeps inline diffs for medium-sized adversarial reviews under default limits (11-file diff, default caps → inline-diff)
• collectReviewContext respects maxInlineFiles override forcing self-collect
• adversarial review keeps medium-sized diffs inline under default limits (CLI integration)
• adversarial review --max-inline-bytes forces self-collect on large diffs (CLI integration)
• adversarial review rejects negative --max-inline-files (input validation)

Existing self-collect tests now pass maxInlineFiles: 2 (or --max-inline-files 2) explicitly so they continue to exercise the self-collect path under the higher defaults.

Note: 3 unrelated tests (status shows phases, status preserves adversarial review kind labels, result returns the stored output...) fail on my macOS sandbox both before and after this change. They appear environment-specific and were not introduced by this PR.