#21186: fix(gateway): strict loopback guard for Control UI (v2)

## Summary Implements a strict loopback guard for the Control UI to prevent accidental exposure when the gateway is bound to non-localhost interfaces. This PR supersedes #21170, fixing a critical regression where the guard was applied to *all* traffic. ## Changes - **NEW**: `src/gateway/control-ui-loopback-guard.ts`: Middleware to check remote address. - **NEW**: `src/gateway/control-ui-loopback-guard.test.ts`: Unit tests for guard and path matching. - **MODIFY**: `src/gateway/server-http.ts`: Apply guard *only* to Control UI routes using `isControlUiRequest`. - **MODIFY**: `src/gateway/control-ui.ts`: Export `isControlUiRequest` helper. ## Fix Details In PR #21170, the guard was applied unconditionally inside the `if (controlUiEnabled)` block, which (due to placement) affected all requests falling through to that point. This PR uses `isControlUiRequest` to ensure only actual Control UI traffic is checked. <!-- greptile_comment --> <h3>Greptile Summary</h3> Fixes a critical regression from PR #21170 where the loopback guard was applied to ALL gateway traffic instead of just Control UI routes. This PR correctly scopes the guard by using `isControlUiRequest()` to check if the request targets Control UI paths before applying the security check. **Key changes:** - Adds `isControlUiRequest()` helper function to identify Control UI requests (avatars and UI routes) - Guard now only runs for actual Control UI traffic, not for `/api/hooks`, OpenAI, Slack, or other endpoints - Maintains proper request handler ordering: hooks/OpenAI/Slack handlers run first, then Control UI guard - Comprehensive test coverage for both guard behavior and path matching logic <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The fix correctly addresses the regression by scoping the guard to only Control UI requests. The implementation properly leverages the existing request handler order where hooks/OpenAI/Slack handlers execute before the Control UI block, preventing false positives. Test coverage is comprehensive. - No files require special attention _{Last reviewed commit: baf55cd} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->