
#21101: Security/Voice Call: gate skipSignatureVerification to local-dev or explicit override

by bmendonca3 open 2026-02-19 17:22
channel: voice-call size: S
This PR reopens the voice-call signature verification hardening from the previously closed PR after branch-name cleanup.

Summary:
- Restrict `skipSignatureVerification` to local-dev safe contexts or explicit override.
- Add config/runtime tests for enforcement behavior.
- Include current CI-compatible test typing fix required by `pnpm check`.

Replaces: #21068

### Greptile Summary

Hardens voice-call security by restricting `skipSignatureVerification` to safe local-dev contexts only. The change prevents accidentally disabling webhook signature verification in production or when using tunnels/public URLs. Adds comprehensive test coverage for the new policy enforcement and includes an unrelated test typing fix for `update-cli.test.ts`.

### Confidence Score: 5/5

- This PR is safe to merge with minimal risk
- Security hardening with comprehensive test coverage and clear validation logic. The changes appropriately restrict a dangerous configuration option to safe contexts only, with an explicit override for testing. The test typing fix is a necessary cleanup. No logical errors or edge cases identified.
- No files require special attention

Last reviewed commit: 5afef25
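As an added illustration (not code from this PR or the project), a gate of the kind the summary describes could look like the sketch below. Apart from `skipSignatureVerification`, every name is hypothetical, and rejecting the configuration outright when the webhook is exposed is an assumption about how enforcement fails.

```typescript
// Added example. Only `skipSignatureVerification` comes from the PR text;
// the other fields, types and function names are hypothetical.
interface VoiceCallWebhookConfig {
  skipSignatureVerification: boolean;
  bindHost: string;        // interface the webhook server listens on
  publicUrl?: string;      // externally reachable webhook URL, if any
  tunnelProvider?: string; // tunnel in front of the webhook, if any
}

interface GateResult {
  verifySignatures: boolean;
  reason: string;
}

// True only for localhost, ::1 (with or without brackets) and 127.0.0.0/8.
function isLoopbackHost(host: string): boolean {
  const h = host.trim().toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h === "::1") return true;
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  return m !== null && m.slice(1).every((o) => Number(o) <= 255);
}

// Decide whether webhook signatures are verified. Skipping is honoured only
// in a local-dev context or with an explicit override; otherwise the
// configuration is rejected instead of silently running unverified.
function resolveSignatureGate(
  cfg: VoiceCallWebhookConfig,
  explicitOverride: boolean,
): GateResult {
  if (!cfg.skipSignatureVerification) {
    return { verifySignatures: true, reason: "verification enabled" };
  }
  if (explicitOverride) {
    return { verifySignatures: false, reason: "explicit override" };
  }
  const exposed: string[] = [];
  if (cfg.publicUrl) exposed.push("publicUrl is set");
  if (cfg.tunnelProvider) exposed.push("tunnel is configured");
  if (!isLoopbackHost(cfg.bindHost)) {
    exposed.push(`bindHost ${cfg.bindHost} is not loopback`);
  }
  if (exposed.length > 0) {
    throw new Error(`skipSignatureVerification rejected: ${exposed.join("; ")}`);
  }
  return { verifySignatures: false, reason: "local-dev context" };
}
```

Binding to `0.0.0.0` counts as exposed here, since the listener is then reachable from other hosts even without a tunnel or public URL.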
