Harden Telegram MCP plugin runtime

[speech115]

This PR applies the security hardening pass from the local review.

Main changes:

• Require bearer-token auth for HTTP/SSE MCP transports.
• Configure the Codex plugin MCP entry to use bearer_token_env_var instead of a literal secret.
• Replace unsafe launchd env loading with a literal env-file parser and permission checks.
• Move log rotation out of inline shell into a checked script.
• Require explicit TELEGRAM_MCP_POWER_MODE=enabled before exposing write/admin/export tools.
• Add outbound local-file path policy for file/voice sends before Telegram entity resolution.
• Require explicit acknowledgement for subscriber PII exports.
• Harden control-plane path trust, redaction, and plugin drift defaults.
• Add reproducible mcp/uv.lock.
• Redact bearer tokens from ops diagnostics and use a direct authenticated MCP client for daemon facade smoke checks.

Verification:

• mcp/.venv/bin/python -m pytest -q mcp/tests -> 230 passed
• control-plane/.venv/bin/python -m pytest -q control-plane/tests/test_control_plane.py control-plane/tests/test_live_smoke.py -> 17 passed, 4 deselected
• python3 plugin/skills/telegram/scripts/smoke_exporter_contract.py -> passed
• git diff --check -> clean
• Live local runtime:
  • 8799 and 8800 authenticated MCP health/doctor/facade smoke passed
  • unauthenticated probes returned HTTP 401
  • default tool surface contains no write/admin/export tools

Notes:

• No raw bearer token is committed.
• Local LaunchAgent token was rotated after diagnostic exposure during verification.