Scope app-server client identity per connection

[owenlin0]

Why

The app-server can host multiple clients in the same long-lived process, but client identity was still largely process-global. That made attribution fragile: one initialized client could influence outbound originator and User-Agent headers for later app-server work, while infrastructure clients such as codex_app_server_daemon and codex-backend were excluded from global mutation even when they initiated session work.

Model/realtime requests, telemetry, and connector filtering should use the client identity for the connection that owns the request, not whatever process-global identity happens to be set.

What Changed

• Added a scoped ClientIdentity path in codex-login that can build originator, User-Agent, default headers, and reqwest clients from an explicit identity while preserving existing process-default behavior outside the scope.
• Changed app-server initialize to validate and store a concrete identity for every initialized connection, including daemon/backend clients, without mutating process-global originator or user-agent suffix.
• Wrapped initialized app-server request handling, including background thread-start work, in the connection's scoped identity so async downstream work sees the right client.
• Updated ModelClient and realtime paths to use the scoped/session identity for HTTP requests, Responses websocket handshakes, realtime call creation, and sideband/default headers.
• Threaded the per-turn originator through telemetry, connector/app-tool filtering, MCP skill dependency checks, and plugin-install discovery paths so those decisions no longer depend on process-global identity.

Verification

• Added codex-login coverage for scoped identity overriding process-default headers.
• Added app-server coverage for a multi-connection websocket regression where codex-backend initializes first and a later codex_ios thread still sends model requests with codex_ios headers.
• Updated initialize coverage so daemon/backend-style clients receive explicit connection-scoped user agents and explicit initialize identity ignores CODEX_INTERNAL_ORIGINATOR_OVERRIDE.