
#4022: fix: apply sandbox tools denials in /tools/invoke

by davidbors-snyk open 2026-01-29 14:56
gateway agents
I discussed this issue with @steipete before opening the PR. This change ensures that the `/tools/invoke` endpoint applies the correct sandbox tool denials.

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

This PR introduces a `sendForbidden` helper and updates the `/tools/invoke` gateway handler to enforce sandbox tool denials before continuing with normal tool-policy resolution and execution. This aligns `/tools/invoke` with the sandbox runtime/tool-policy system in `src/agents/sandbox/*`, ensuring sandboxed sessions can’t invoke blocked tools even if they reach the endpoint.

<h3>Confidence Score: 3/5</h3>

- Mostly safe to merge, but double-check sandbox session key canonicalization to avoid policy gaps.
- Changes are small and targeted, but the sandbox decision depends on session key normalization; any mismatch between raw and canonical keys could allow unintended tool access or inconsistent behavior.
- src/gateway/tools-invoke-http.ts

**Context used:**

- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
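
The session-key canonicalization concern in the review summary above, as an added sketch that is not code from this PR or the project: a sandbox deny check placed ahead of normal tool-policy resolution, once with the raw session key and once with a canonical one. All names, the sample policy, and the canonical form (trim plus lower-case) are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not the project's API.
type SandboxPolicy = { deny: ReadonlySet<string> };
type Decision = { status: 200 | 403; reason: string };

// Constructed sample data: sandbox policies indexed by canonical session key.
const SANDBOX_POLICIES = new Map<string, SandboxPolicy>([
  ["agent:main:sess-1", { deny: new Set(["exec", "fs.write"]) }],
]);

// Assumed canonical form (trim + lower-case); the real rules may differ.
function canonicalSessionKey(raw: string): string {
  return raw.trim().toLowerCase();
}

// Sandbox denial runs first; only a pass falls through to normal policy.
function checkSandbox(
  rawKey: string,
  tool: string,
  keyOf: (k: string) => string,
): Decision {
  const policy = SANDBOX_POLICIES.get(keyOf(rawKey));
  if (policy !== undefined && policy.deny.has(tool)) {
    return { status: 403, reason: `tool "${tool}" denied by sandbox policy` };
  }
  return { status: 200, reason: "sandbox check passed" };
}

// Gap: lookup with the raw key misses the policy when the spelling differs.
function checkWithRawKey(rawKey: string, tool: string): Decision {
  return checkSandbox(rawKey, tool, (k) => k);
}

// Fix: canonicalize before the lookup so every spelling hits the same policy.
function checkWithCanonicalKey(rawKey: string, tool: string): Decision {
  return checkSandbox(rawKey, tool, canonicalSessionKey);
}
```

A regression test for the handler can assert a 403 for each accepted spelling of a sandboxed session's key, not only the canonical one.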
