#21723: fix(onboard): raise custom API contextWindow default to 16k
Labels: gateway, cli, commands, size: S
## Summary
Fixes `#21653` and incorporates the requested follow-up from the reviewer on Tailscale gateway allowlist boundaries.
## Changes
### Custom API onboarding
- Raised default custom model context window from `4,096` to `16_000` tokens so custom provider onboarding no longer applies an out-of-range default.
- Added non-interactive context/max token overrides to onboarding:
  - `--custom-context-window`
  - `--custom-max-tokens`
- Added strict validation for both values:
  - context window must be an integer >= `16000`
  - max tokens must be an integer >= `1000`
- Kept existing defaults (`contextWindow: 16000`, `maxTokens: 4096`) when fields are omitted.
- Updated re-onboarding flow so existing custom API model entries are replaced by the re-onboarded model definition when the same `modelId` already exists.
### Gateway private network validation
- Added boundary coverage for Tailscale addresses in `isPrivateOrLoopbackAddress`:
  - `100.63.255.255`
  - `100.128.0.0`
  - both in plain host and WebSocket URL forms.
## Validation
- `pnpm vitest run --config vitest.e2e.config.ts src/commands/onboard-custom.e2e.test.ts`
- `pnpm vitest run src/gateway/net.test.ts`
- `pnpm test:fast`
## Confidence Score
- **5/5**: This PR is targeted, low-risk, and production-safe.
- The custom onboarding changes preserve existing behavior for callers that do not pass new flags, while adding explicit guardrails and deterministic behavior for non-interactive and re-onboarded custom models.
- Boundary test additions are additive and do not alter runtime logic beyond explicit assertions for invalid IP edge cases.
- No behavioral changes beyond the custom onboarding flow and additional guard coverage, with full test pass on modified suites and full unit fast suite.
Fixes #21653
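
The two boundary addresses in the description sit one step outside either end of a /10 block. The sketch below is an added example, not code from this PR or the project: it assumes the Tailscale range is the CGNAT block `100.64.0.0/10`, and the names `ipv4ToInt`, `extractHost` and `isInTailscaleRange`, along with the ports and paths in the samples, are hypothetical.

```typescript
// Added illustration: names below are hypothetical, not the project's code.
// Assumption: Tailscale addresses come from the CGNAT block 100.64.0.0/10,
// which spans 100.64.0.0 through 100.127.255.255.
const CGNAT_BASE = ((100 << 24) | (64 << 16)) >>> 0; // 100.64.0.0
const CGNAT_MASK = 0xffc00000; // top 10 bits

// Parse a strict dotted quad; anything else yields null.
function ipv4ToInt(host: string): number | null {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Reject empty, signed, hex, or zero-padded octets.
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Accept a bare host or a ws:// / wss:// URL and return the host part.
function extractHost(input: string): string | null {
  if (!input.includes("://")) return input;
  try {
    const url = new URL(input);
    if (url.protocol !== "ws:" && url.protocol !== "wss:") return null;
    return url.hostname;
  } catch {
    return null; // unparseable URL
  }
}

// True only for addresses inside 100.64.0.0/10; fails closed otherwise.
function isInTailscaleRange(input: string): boolean {
  const host = extractHost(input);
  const ip = host === null ? null : ipv4ToInt(host);
  if (ip === null) return false;
  return ((ip & CGNAT_MASK) >>> 0) === CGNAT_BASE;
}

// Constructed samples: the PR's two out-of-range boundaries plus in-range edges.
const samples = ["100.63.255.255", "100.64.0.0", "100.127.255.255", "100.128.0.0",
  "ws://100.63.255.255:8080", "wss://100.128.0.0/path", "ws://100.64.0.1:8080"];
for (const s of samples) console.log(s, isInTailscaleRange(s));
```
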
## Most Similar PRs
- #20962: Fix/context window size for custom api provider (by r4jiv007 · 2026-02-19 · 77.0%)
- #19937: fix(gateway): validate token/password auth modes and isolate gatewa... (by NewdlDewdl · 2026-02-18 · 67.6%)
- #19437: Gateway: respect custom bind host for local health/RPC target resol... (by frudas24 · 2026-02-17 · 66.5%)
- #22658: Fix onboard ignoring OPENCLAW_GATEWAY_TOKEN env var (by Clawborn · 2026-02-21 · 66.4%)
- #14564: fix(gateway): crashes on startup when tailscale meets non-loopback ... (by yinghaosang · 2026-02-12 · 65.1%)
- #17414: fix(sessions): refresh contextTokens when model override changes (by michaelbship · 2026-02-15 · 64.8%)
- #12802: fix(gateway): default unscoped operator connections to read-only (by yubrew · 2026-02-09 · 64.3%)
- #23355: Gateway: fail closed on untrusted proxy headers (by bmendonca3 · 2026-02-22 · 64.2%)
- #18886: fix(status): prefer configured contextTokens over model metadata (by BinHPdev · 2026-02-17 · 64.2%)
- #19655: Fix/context window provider keying (by pharasyte · 2026-02-18 · 64.1%)