
#18845: feat(config): add strictLoopback config option for Debug UI security

by cedillarack open 2026-02-17 04:09
app: web-ui gateway size: M
Adds strictLoopback field to gateway config schema for hardening Control UI defaults. Part of PR #6590.

### Greptile Summary

Added `strictLoopback` config field to `GatewayControlUiConfig` type and Zod schema. However, the PR has critical issues:

- PR body describes an unrelated change (plugin precedence warnings) instead of the actual `strictLoopback` feature
- The new config field has no implementation - it's defined but never checked or enforced anywhere
- No tests added for the new config option
- Unclear interaction with existing `gateway.bind` config which already supports loopback-only binding
- Missing security audit integration (similar fields like `allowInsecureAuth` have audit checks in `src/security/audit.ts`)

The PR appears incomplete - it adds the schema definition but lacks the actual runtime enforcement logic that would make this security feature functional.

### Confidence Score: 1/5

- This PR is incomplete and should not be merged in its current state
- The PR adds a security config option without any implementation. The `strictLoopback` field is defined in types but never used, meaning it has no effect. Additionally, the PR body describes a completely different feature, indicating significant confusion about what this PR is meant to do. The feature is non-functional and may give users a false sense of security.
- All files need attention: `PR_BODY.md` has wrong content, and the code changes are incomplete without implementation

Last reviewed commit: 8f43279
