#11096: fix(plugins): require explicit trust for workspace and external plugins

## Summary - disable auto-loading of workspace plugins by default and require explicit trust via `plugins.workspace.enabled=true` - change non-bundled plugin default from enabled to disabled, requiring explicit `plugins.entries.<id>.enabled=true` - add config/type/schema support for `plugins.workspace.enabled` and update plugin loader/config-state tests for the new security defaults ## Testing - `source ~/.zshrc && pnpm test src/plugins/config-state.test.ts src/plugins/loader.test.ts src/plugins/discovery.test.ts src/config/schema.test.ts` ## Issue - Fixes #11031 - https://github.com/openclaw/openclaw/issues/11031 <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR tightens plugin security defaults by (1) adding a `plugins.workspace.enabled` toggle to control auto-discovery under `<workspace>/.openclaw/extensions` (defaulting to disabled), and (2) changing the default enablement behavior so non-bundled plugins are disabled unless explicitly enabled via `plugins.entries.<id>.enabled=true`. It updates config schema/type/Zod validation accordingly and adjusts loader/config-state tests to assert the new defaults and error messaging. <h3>Confidence Score: 3/5</h3> - This PR is directionally safe but has a trust-gating gap that can allow workspace plugins to run without `plugins.workspace.enabled=true` in some configurations. - Core schema/type/test updates are consistent with the intended new defaults, but the workspace trust check is currently keyed only off `origin === "workspace"`; if a plugin from the workspace extensions directory is loaded via configured load paths (or otherwise misclassified origin), the explicit workspace-trust requirement can be bypassed. - src/plugins/config-state.ts (and the code paths that assign PluginRecord.origin / load-by-path behavior) <!-- greptile_other_comments_section --> <!-- /greptile_comment -->