#8402: fix(ui): bypass /api in Control UI handler
app: web-ui
gateway
stale
Cluster: Device Auth and Security Fixes
**Summary**
- Skip Control UI SPA fallback for `/api` routes to return JSON responses. Fixes #8183.
- Add a focused gateway unit test for `/api` bypass behavior.
**Testing**
- `pnpm vitest run --config vitest.gateway.config.ts src/gateway/control-ui.http.test.ts`
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR adjusts the Control UI HTTP handler so that requests targeting `/api` (both at the root and under a configured Control UI `basePath`) bypass the SPA fallback logic and can be handled by downstream JSON/API routing. It also adds a focused gateway unit test to assert that `/api/*` paths are not claimed by the Control UI handler.
The change fits into the gateway request pipeline by making `handleControlUiHttpRequest` return `false` for API routes, allowing the gateway’s API router/middleware to respond instead of serving `index.html`.
<h3>Confidence Score: 4/5</h3>
- This PR is likely safe to merge and addresses the intended routing bug with low surface area changes.
- The bypass logic is simple and the added test covers both root and nested base paths. Main remaining concern is an observable behavior change for non-GET/HEAD requests to `/api/*` when `basePath` is empty (previously 405, now falls through), which may or may not be desired depending on the gateway chain.
- src/gateway/control-ui.ts (method gating vs /api bypass ordering)
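The ordering question raised in the review above (method gating vs `/api` bypass), as a simplified model. This is an added example, not code from the PR or from `src/gateway/control-ui.ts`; the names `decide`, `isApiPath`, `underPrefix` and `normalizeBasePath` are hypothetical, and the 405 answer for non-GET/HEAD requests is assumed from the review's description.

```typescript
// Added illustration; hypothetical names, not the project's src/gateway/control-ui.ts.
type Decision = "serve-spa" | "reject-405" | "pass-through";
type Order = "method-first" | "bypass-first";

// "" means the UI is mounted at the root; otherwise "/x/y" with no trailing slash.
function normalizeBasePath(basePath: string): string {
  const trimmed = basePath.trim().replace(/\/+$/, "");
  if (trimmed === "") return "";
  return trimmed.charAt(0) === "/" ? trimmed : "/" + trimmed;
}

// Segment-boundary prefix match: "/api" covers "/api" and "/api/x" but not "/apidocs".
function underPrefix(pathname: string, prefix: string): boolean {
  return pathname === prefix || pathname.slice(0, prefix.length + 1) === prefix + "/";
}

// API routes at the root and under the configured base path.
function isApiPath(pathname: string, base: string): boolean {
  return underPrefix(pathname, "/api") || underPrefix(pathname, base + "/api");
}

// Models what a UI handler does with a request under each ordering of the two checks.
function decide(method: string, pathname: string, basePath: string, order: Order): Decision {
  const base = normalizeBasePath(basePath);
  // Paths outside the UI mount point are never claimed.
  if (!underPrefix(pathname, base)) return "pass-through";
  const api = isApiPath(pathname, base);
  // Bypass before the method gate: API writes reach the downstream router.
  if (order === "bypass-first" && api) return "pass-through";
  // Method gate: the UI handler only serves GET and HEAD.
  if (method !== "GET" && method !== "HEAD") return "reject-405";
  // Method gate before bypass: only API reads fall through.
  return api ? "pass-through" : "serve-spa";
}
```

With the bypass placed first, the UI handler no longer answers 405 for writes to `/api/*`, so method enforcement for those routes rests on whatever handles them downstream.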
Most Similar PRs
- #21186: fix(gateway): strict loopback guard for Control UI (v2) (by dinakars777 · 2026-02-19, 78.4%)
- #13960: fix(ui): preserve structured config validation error details (by constansino · 2026-02-11, 77.1%)
- #20089: fix(gateway): preserve control-ui scopes when dangerouslyDisableDev... (by vashkartik · 2026-02-18, 76.9%)
- #17753: fix: Control UI unusable over HTTP - missing scopes (by MisterGuy420 · 2026-02-16, 76.2%)
- #17378: fix(gateway): allow dangerouslyDisableDeviceAuth with trusted-proxy... (by ar-nadeem · 2026-02-15, 75.0%)
- #21326: Security/UI: harden Control UI gatewayUrl URL overrides (by bmendonca3 · 2026-02-19, 74.4%)
- #9218: Fix Control UI chat resync on gaps and terminal events (by figitaki · 2026-02-05, 74.0%)
- #6352: fix(ux): update gateway token error message UI location (by Glucksberg · 2026-02-01, 73.4%)
- #21100: Security/Gateway: require explicit break-glass env for Control UI b... (by bmendonca3 · 2026-02-19, 72.8%)
- #23465: Gateway: strengthen Control UI security headers (by bmendonca3 · 2026-02-22, 72.5%)