feat(connectors): support managed app tool approval requirements

[viyatb-oai]

Why

Managed requirements can already centrally disable apps, but they could not express the per-tool app approval rules that normal config already supports. That left admins without a way to enforce connector tool approvals through /etc/codex/requirements.toml or cloud requirements.

What changed

• Extend app requirements with per-tool approval_mode entries.
• Merge managed app tool requirements across managed sources while preserving higher-precedence exact tool settings.
• Apply managed tool approvals separately from user app config so managed policy is matched only on raw MCP tool.name, while user config keeps the existing raw-name-then-title convenience fallback.
• Add coverage for local requirements, cloud requirements parsing, managed-over-user precedence, and a title-collision case that must not widen managed auto-approval.

Configuration shape

Local /etc/codex/requirements.toml and cloud requirements use the same TOML shape:

[apps.connector_123123.tools."calendar/list_events"]
approval_mode = "approve"

This is a per-tool approval rule keyed by app ID and raw MCP tool name, not an app-level boolean such as apps.connector_123123.approve = true.

[bolinfest]

Something that I don't see referenced in this PR is the use of Constrained. Parsing requirements.toml and ensuring the appropriate values get creation is relatively easy, but ensuring that someone doesn't mutate that value later in a way that is disallowed by requirements.toml later is much harder. This is why we have Constrained<T> and it appears to me that we should be using it for the approval field.