Support PermissionRequest updatedInput rewrites

[abhinav-oai]

Why

This stacks on #20527. PermissionRequest also documents updatedInput, but unlike PreToolUse, it can participate in approval retries. Supporting it cleanly needs a second layer that can feed rewritten input back through approval evaluation without changing the simpler one-shot PreToolUse path.

What

• Parse allow-only updatedInput for PermissionRequest, while preserving deny-path validation.
• Re-run approval evaluation after a PermissionRequest rewrite, with:
  • a no-op fast path when the hook returns the same input again
  • a bounded rewrite loop for repeated changes
  • MCP approval retry plumbing that preserves the rewritten input
• Surface explicit updatedInput errors for approval paths that do not have a stable original tool input to rewrite, including deferred network approvals and intercepted exec approvals.
• Add regression coverage for parser behavior plus end-to-end PermissionRequest rewrites across shell, apply_patch, and MCP paths.

Stack

Base: #20527

Verification

• Focused codex-hooks parser coverage for PermissionRequest updatedInput
• Focused codex-core rewrite tests for shell, apply_patch, and MCP PermissionRequest paths