#20399: feat(whatsapp): surface inbound reaction events to agent session

Subscribes to Baileys messages.reaction events and surfaces them as system events into the agent session. Adds reactionNotifications config for WhatsApp. ### Changes - Listen for messages.reaction events in WhatsApp monitor - Add reactionNotifications config support - Emit reactions as system events into the agent session <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR adds support for surfacing WhatsApp reaction events into agent sessions. It introduces a `reactionNotifications` config option (`"off"` | `"own"` | `"all"`) at both the root and per-account level, subscribes to Baileys `messages.reaction` events, and emits them as system events routed to the correct agent session. - Config plumbing is clean and consistent: type definitions, Zod schema, account resolution, and threading through the monitor all follow established patterns. - The reaction handler correctly identifies the reactor via `reaction.key` fields and filters for "own" mode using `key.fromMe` on the target message. - Event cleanup on socket close properly deregisters the new `messages.reaction` listener. - **Issue**: The reaction handler does not enforce access control (`allowFrom`, `dmPolicy`, `groupPolicy`) or filter `@status`/`@broadcast` JIDs, unlike the message handler. This means reactions from unauthorized senders or on status updates could generate system events reaching the agent. <h3>Confidence Score: 3/5</h3> - Generally safe to merge but the reaction handler lacks access control checks present in the message handler, which could surface events from unauthorized senders. - The config plumbing, type definitions, and event lifecycle management are all well-done and follow existing patterns. The reaction handler's core logic (reactor identification, mode filtering, routing) is correct. However, the missing access control check means reactions bypass `allowFrom`, `dmPolicy`, and `groupPolicy` restrictions, which is inconsistent with the message handler and could leak information to the agent from unauthorized users. The feature defaults to "off" which mitigates risk for existing users. - `src/web/inbound/monitor.ts` — the reaction handler should be reviewed for access control consistency with the message handler. _{Last reviewed commit: 87cc9b8} <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->