
#21120: Security/Gateway: guard dangerous HTTP /tools/invoke re-enables

by bmendonca3 open 2026-02-19 17:57
gateway size: S
## Summary

- add a startup hard guard that blocks dangerous HTTP `/tools/invoke` tool re-enables from `gateway.tools.allow`
- require explicit break-glass env (`OPENCLAW_UNSAFE_ALLOW_GATEWAY_HTTP_DANGEROUS_TOOLS=1`) to allow these re-enables
- add runtime config regression tests for both reject and override paths

## Testing

- `pnpm test src/gateway/server-runtime-config.test.ts` *(fails in this environment: `pnpm` not found)*

### Greptile Summary

Added startup guard that blocks dangerous HTTP `/tools/invoke` re-enables (`sessions_spawn`, `sessions_send`, `gateway`, `whatsapp_login`) from `gateway.tools.allow` unless explicit break-glass env `OPENCLAW_UNSAFE_ALLOW_GATEWAY_HTTP_DANGEROUS_TOOLS=1` is set. This hardens the defense-in-depth against RCE by failing fast at startup rather than just warning in security audit.

The guard normalizes tool names (trim + lowercase) before checking against `DEFAULT_GATEWAY_HTTP_TOOL_DENY`, matching the runtime filter behavior in `tools-invoke-http.ts:280-281`. Test coverage includes both reject and override paths with proper env cleanup.

### Confidence Score: 5/5

- This PR is safe to merge with minimal risk
- Implementation is security-focused with proper normalization, consistent with existing runtime filter logic, comprehensive test coverage for both reject and override paths, and clear CHANGELOG entry. No logical errors or edge cases found.
- No files require special attention

Last reviewed commit: c21757b
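One way to implement the startup guard described in the summary above, as an added TypeScript example that is not the PR's code. The function names, the `Env` type and the sample allow list are hypothetical, and treating only the exact value `1` as the override is an assumption.

```typescript
// Added illustration; identifiers are hypothetical, not OpenClaw's source.
// Tool names the summary lists as dangerous over HTTP /tools/invoke.
const HTTP_TOOL_DENY: readonly string[] = [
  "sessions_spawn",
  "sessions_send",
  "gateway",
  "whatsapp_login",
];
const BREAK_GLASS_ENV = "OPENCLAW_UNSAFE_ALLOW_GATEWAY_HTTP_DANGEROUS_TOOLS";

type Env = Record<string, string | undefined>;

// Constructed sample value for gateway.tools.allow ("read_file" is made up).
const SAMPLE_ALLOW: readonly string[] = [" Sessions_Spawn ", "GATEWAY", "read_file"];

// Normalization the summary describes: trim, then lowercase.
function normalizeToolName(name: string): string {
  return name.trim().toLowerCase();
}

// Deny-listed tools that the allow list would re-enable, deduplicated and sorted.
function dangerousReenables(allow: readonly string[] | undefined): string[] {
  const hits: string[] = [];
  for (const entry of allow ?? []) {
    const name = normalizeToolName(entry);
    if (HTTP_TOOL_DENY.indexOf(name) !== -1 && hits.indexOf(name) === -1) hits.push(name);
  }
  return hits.sort();
}

// Exact-match check for comparison: padded or mixed-case entries slip past it.
function naiveReenables(allow: readonly string[]): string[] {
  return allow.filter((entry) => HTTP_TOOL_DENY.indexOf(entry) !== -1);
}

// Startup check: throw before serving unless the break-glass variable is set.
// Accepting only the exact value "1" is an assumption of this example.
function assertGatewayToolsAllowSafe(allow: readonly string[] | undefined, env: Env): string[] {
  const hits = dangerousReenables(allow);
  if (hits.length > 0 && env[BREAK_GLASS_ENV] !== "1") {
    throw new Error(
      `gateway.tools.allow re-enables dangerous HTTP tools: ${hits.join(", ")}; ` +
        `set ${BREAK_GLASS_ENV}=1 to override`,
    );
  }
  return hits; // non-empty only when the override is active, so log it
}
```

Because the guard and the runtime filter share one normalization, an entry such as `" Sessions_Spawn "` is rejected at startup instead of passing the check and being matched later.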
