refactor: use semaphores for async serialization gates

[bolinfest]

This is the second cleanup in the await-holding lint stack. The higher-level goal, following #18178 and #18398, is to enable Clippy coverage for guards held across .await points without carrying broad suppressions.

The stack is working toward enabling Clippy's await_holding_lock lint and the configurable await_holding_invalid_type lint for Tokio guard types.

Several existing fields used tokio::sync::Mutex<()> only as one-at-a-time async gates. Those guards intentionally lived across .await while an operation was serialized. A mutex over () suggests protected data and trips the await-holding lint shape; a single-permit tokio::sync::Semaphore expresses the intended serialization directly.

What changed

• Replace Mutex<()> serialization gates with Semaphore::new(1) for agent identity ensure, exec policy updates, guardian review session reuse, plugin remote sync, managed network proxy refresh, auth token refresh, and RMCP session recovery.
• Update call sites from lock().await / try_lock() to acquire().await / try_acquire().
• Map closed-semaphore errors into the existing local error types, even though these semaphores are owned for the lifetime of their managers.
• Update session test builders for the new managed_network_proxy_refresh_lock type.

Verification

• The split stack was verified at the final lint-enabling head with just clippy.

---

Stack created with Sapling. Best reviewed with ReviewStack.

• chore: enable await-holding clippy lints #18698
• chore: document intentional await-holding cases #18423
• refactor: narrow async lock scopes #18418
• -> refactor: use semaphores for async serialization gates #18403