permissions: remove cwd special path

[bolinfest]

Why

The experimental PermissionProfile API had both :cwd and :project_roots special filesystem paths, which made the permission root ambiguous. This PR removes the unstable current_working_directory special path before the permissions API is stabilized, so callers use :project_roots for symbolic project-root access.

What changed

• Removes FileSystemSpecialPath::CurrentWorkingDirectory from protocol and app-server protocol models, plus regenerated app-server JSON/TypeScript schemas.
• Replaces internal :cwd permission entries with :project_roots entries.
• Keeps the existing cwd-update behavior for legacy-shaped workspace-write profiles, while removing the deleted CurrentWorkingDirectory case from that compatibility path.
• Keeps PermissionProfile::workspace_write() as the reusable symbolic workspace-write helper, with docs noting that :project_roots entries resolve at enforcement time.
• Updates app-server docs/examples and approval UI labeling to stop advertising :cwd as a permission token.

Compatibility

Persisted rollout items may contain the old {"kind":"current_working_directory"} tag from earlier experimental permissionProfile snapshots. This PR keeps that tag as a deserialize-only alias for ProjectRoots { subpath: None }, while continuing to serialize only the new project_roots tag.

Follow-up

This PR intentionally does not introduce an explicit project-root set on SessionConfiguration or runtime sandbox resolution. Today, the resolver still uses the active cwd as the single implicit project root. A follow-up should model project roots separately from tool cwd so :project_roots entries can resolve against the configured project roots, and resolve to no entries when there are no project roots.

Verification

• cargo test -p codex-protocol permissions:: --lib
• cargo test -p codex-app-server-protocol
• cargo test -p codex-sandboxing -p codex-exec-server --lib
• cargo test -p codex-core session_configuration_apply_ --lib
• cargo test -p codex-app-server command_exec_permission_profile_project_roots_use_command_cwd --test all
• cargo test -p codex-tui thread_read_session_state_does_not_reuse_primary_permission_profile --lib
• cargo test -p codex-tui preset_matching_accepts_workspace_write_with_extra_roots --lib
• cargo test -p codex-config --lib

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 015d927617

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[viyatb-oai]

Confirmed this against persisted rollout behavior on the current head.