
#23364: Gateway: add risk-ack interlock for dangerous Control UI flags

by bmendonca3 open 2026-02-22 07:47
gateway size: M trusted-contributor
## Summary

- require `OPENCLAW_I_UNDERSTAND_RISK=1` when dangerous Control UI flags are enabled
- keep `OPENCLAW_UNSAFE_ALLOW_CONTROL_UI_BYPASS=1` requirement for `dangerouslyDisableDeviceAuth`
- update config help text and runtime/e2e tests for the new startup interlock

## Why

This makes dangerous Control UI downgrades an explicit break-glass action and reduces accidental insecure startup.

## Tests

- pnpm test src/gateway/server-runtime-config.test.ts
- pnpm test:e2e src/gateway/server.auth.e2e.test.ts
- pnpm tsgo
- pnpm check

### Greptile Summary

This PR implements a comprehensive security hardening initiative centered around making dangerous Control UI configuration downgrades an explicit break-glass action. The key changes include:

- Required `OPENCLAW_I_UNDERSTAND_RISK=1` environment variable for both `gateway.controlUi.allowInsecureAuth` and `gateway.controlUi.dangerouslyDisableDeviceAuth` flags
- Layered protection for `dangerouslyDisableDeviceAuth` requiring both `OPENCLAW_UNSAFE_ALLOW_CONTROL_UI_BYPASS=1` and `OPENCLAW_I_UNDERSTAND_RISK=1`
- Control UI path traversal hardening using `fs.realpathSync()` and `isWithinDir()` to block symlink escapes
- Platform-wide TLS enforcement: Android, iOS, and macOS clients now require TLS for non-loopback gateway connections
- Client-side websocket security validations blocking insecure `ws://` connections to non-loopback hosts
- Extended similar dangerous tool protection to gateway HTTP `/tools/invoke` endpoint with `OPENCLAW_UNSAFE_ALLOW_GATEWAY_HTTP_DANGEROUS_TOOLS=1`
- Updated help text in config schema to document the new environment variable requirements
- Comprehensive test coverage across unit, integration, and e2e test suites

### Confidence Score: 5/5

- This PR is safe to merge with no identified issues
- The implementation demonstrates excellent security engineering with a defense-in-depth approach, comprehensive test coverage across all platforms, consistent validation logic, and proper documentation. The changes follow established patterns, introduce no breaking changes to normal operation, and only add required acknowledgements for already-dangerous configuration flags. All edge cases are properly tested including symlink escapes, absolute path attempts, loopback detection across IPv4/IPv6, and multi-platform TLS enforcement.
- No files require special attention

Last reviewed commit: db14f8b
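
The layered acknowledgement rule described in this PR, written out as an added example that is not the PR's or the project's own code. The function and type names (`checkControlUiInterlock`, `ControlUiConfig`, `isAcked`) and the error wording are hypothetical, and treating only the literal value `1` as an acknowledgement is an assumption; the flag and environment variable names are the ones listed above.

```typescript
// Added example: illustrative only, not the gateway's actual implementation.
type Env = Record<string, string | undefined>;

interface ControlUiConfig {
  allowInsecureAuth?: boolean;
  dangerouslyDisableDeviceAuth?: boolean;
}

const RISK_ACK = "OPENCLAW_I_UNDERSTAND_RISK";
const BYPASS_ACK = "OPENCLAW_UNSAFE_ALLOW_CONTROL_UI_BYPASS";

// Assumption: only the literal value "1" acknowledges; "true", "yes" or an
// empty string do not, so a typo fails closed.
function isAcked(env: Env, name: string): boolean {
  return env[name] === "1";
}

// Returns startup errors; an empty array means the gateway may start.
function checkControlUiInterlock(cfg: ControlUiConfig, env: Env): string[] {
  const enabled: string[] = [];
  if (cfg.allowInsecureAuth === true) {
    enabled.push("gateway.controlUi.allowInsecureAuth");
  }
  if (cfg.dangerouslyDisableDeviceAuth === true) {
    enabled.push("gateway.controlUi.dangerouslyDisableDeviceAuth");
  }
  // Safe defaults need no acknowledgement, so normal startups are unaffected.
  if (enabled.length === 0) return [];

  const errors: string[] = [];
  // Layer 1: any dangerous Control UI flag needs the general risk ack.
  if (!isAcked(env, RISK_ACK)) {
    errors.push(`${enabled.join(", ")} requires ${RISK_ACK}=1`);
  }
  // Layer 2: disabling device auth additionally needs the bypass ack.
  if (cfg.dangerouslyDisableDeviceAuth === true && !isAcked(env, BYPASS_ACK)) {
    errors.push(`gateway.controlUi.dangerouslyDisableDeviceAuth requires ${BYPASS_ACK}=1`);
  }
  return errors;
}

// Constructed scenario: device auth disabled with only one of the two acks.
function partialAckExample(): string[] {
  return checkControlUiInterlock(
    { dangerouslyDisableDeviceAuth: true },
    { OPENCLAW_I_UNDERSTAND_RISK: "1" },
  );
}
```

Collecting every missing acknowledgement before refusing to start lets an operator see both requirements in a single failed launch.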
