#13665: feat(web-search): add SearXNG as a search provider

Add SearXNG as a fourth web search provider alongside Brave, Perplexity, and Grok. SearXNG is a self-hosted metasearch engine that aggregates results from multiple search engines without requiring an API key. - Add SearXNG provider to search resolution, config schema, and TS types - Add runSearxngSearch() with format=json API, language passthrough - Base URL resolution: config > SEARXNG_BASE_URL env > localhost:8888 - Wrap untrusted SearXNG results with EXTERNAL_UNTRUSTED_CONTENT markers - Early return for SearXNG (no API key required) - Reject unsupported freshness parameter for SearXNG - Cache key includes searxngBaseUrl - Add unit tests (baseUrl resolution) and integration tests (mock fetch) - Add config validation tests (schema acceptance/rejection) - Update docs/tools/web.md with SearXNG setup guide Closes #2317 Closes #11127 <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> Adds SearXNG as a self-hosted web search provider alongside Brave, Perplexity, and Grok. SearXNG is a metasearch engine that aggregates results from multiple search engines without requiring an API key. **Key changes:** - Added SearXNG to provider types, config schema, and resolution logic - Implemented `runSearxngSearch()` using format=json API with language passthrough - Base URL resolution follows config > `SEARXNG_BASE_URL` env > `http://localhost:8888` default - Wrapped SearXNG results (title, description) with `EXTERNAL_UNTRUSTED_CONTENT` markers for security - Early return path for SearXNG (no API key validation required) - Properly rejects unsupported `freshness` parameter for SearXNG with clear error message - Cache key includes `searxngBaseUrl` for proper invalidation - Added comprehensive unit tests for baseUrl resolution - Added integration tests covering format=json calls, language parameter, security wrapping, and freshness rejection - Added config validation tests ensuring schema accepts/rejects appropriate keys - Documentation includes Docker setup guide with YAML config, troubleshooting, and integration examples <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The implementation is thorough and well-tested. All changes follow existing patterns for web search providers (mirroring the Perplexity/Grok implementations). Security is properly handled with EXTERNAL_UNTRUSTED_CONTENT wrapping. The code includes comprehensive test coverage (unit tests for config resolution, integration tests for API calls, and config schema validation tests). Documentation is clear and complete. No breaking changes or risky patterns detected. - No files require special attention <!-- greptile_other_comments_section --> <!-- /greptile_comment -->