
#23719: Gateway: fail closed startup on insecure state/config permissions

by bmendonca3, open, 2026-02-22 16:32
Labels: gateway, size: M, trusted-contributor
## Summary

Reopening the startup fail-closed hardening as a fresh PR because #23438 could not be reopened via GitHub API.

- refuse startup when state/config/env/credential permissions are group/world readable
- provide actionable remediation path via `openclaw doctor --fix`

Supersedes: #23438

### Greptile Summary

Added startup permission safety check that prevents the gateway from starting when state/config/env/credential files have insecure group or world read/write permissions. The check runs early in the gateway startup sequence (after config validation but before plugin auto-enable) and throws a descriptive error with remediation instructions pointing to `openclaw doctor --fix`. The implementation reuses the existing `inspectPathPermissions` and permission auditing infrastructure from `src/security/audit-fs.ts`, and recursively scans all credentials directory contents. Tests cover the happy path (secure permissions), world-readable config, and group-readable credentials scenarios on POSIX systems.

### Confidence Score: 5/5

- This PR is safe to merge with minimal risk
- The implementation follows established patterns in the codebase, reuses well-tested permission checking infrastructure, includes proper test coverage, and provides clear error messages with actionable remediation. The fail-closed approach is conservative and appropriate for security hardening. The integration point in server startup is correct (after config validation, before plugin processing), and the doctor --fix command already supports permission fixes.
- No files require special attention

Last reviewed commit: e688d32
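The fail-closed gate described in this PR, as an added illustration that is not openclaw's own code: it walks the given state/config/credential paths, flags any entry with group or world mode bits, and refuses startup with a remediation hint instead of continuing. It assumes POSIX mode bits; `findInsecurePaths`, `assertSecureStartupPaths` and the `buildFixture` temp-directory fixture are names chosen here, not the project's `inspectPathPermissions`.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export interface PermissionFinding { path: string; mode: number; }

// Any group/world read, write or execute bit on a secret-bearing path is insecure.
const GROUP_WORLD_BITS = 0o077;

// Recursively collect entries whose mode exposes group/world bits.
// Missing paths are skipped; symlinks are skipped (their own bits are meaningless).
export function findInsecurePaths(target: string): PermissionFinding[] {
  const findings: PermissionFinding[] = [];
  let st: fs.Stats;
  try { st = fs.lstatSync(target); } catch { return findings; }
  if (st.isSymbolicLink()) return findings;
  if ((st.mode & GROUP_WORLD_BITS) !== 0) {
    findings.push({ path: target, mode: st.mode & 0o777 });
  }
  if (st.isDirectory()) {
    for (const name of fs.readdirSync(target)) {
      for (const f of findInsecurePaths(path.join(target, name))) findings.push(f);
    }
  }
  return findings;
}

// Fail closed: throw with remediation instructions rather than start the gateway.
export function assertSecureStartupPaths(paths: string[]): void {
  const findings: PermissionFinding[] = [];
  for (const p of paths) for (const f of findInsecurePaths(p)) findings.push(f);
  if (findings.length === 0) return;
  const list = findings.map(f => `  ${f.path} (mode ${f.mode.toString(8)})`).join("\n");
  throw new Error(
    `Refusing to start: insecure permissions on state/config/credential paths:\n${list}\n` +
    "Run `openclaw doctor --fix` to tighten them.");
}

// Constructed fixture: a 0700 state dir holding a 0600 config and a credentials
// dir with one world-readable token (the case the check must catch).
export function buildFixture(): { root: string; insecureFile: string } {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "perm-check-"));
  fs.chmodSync(root, 0o700);
  fs.writeFileSync(path.join(root, "config.json"), "{}");
  fs.chmodSync(path.join(root, "config.json"), 0o600);
  const creds = path.join(root, "credentials");
  fs.mkdirSync(creds);
  fs.chmodSync(creds, 0o700);
  const insecureFile = path.join(creds, "token");
  fs.writeFileSync(insecureFile, "constructed-secret");
  fs.chmodSync(insecureFile, 0o644); // world readable: should be flagged
  return { root, insecureFile };
}
```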
