feat: configurable auto-safe policy with global + per-project settings

[iabdousd]

Summary

• New global Auto-safe Settings tab + per-project override section let you allow/deny tool categories (read, write, web search, web fetch domains, MCP servers) and edit Bash deny patterns. Project overrides win over globals at evaluation time; worktree-protection hard blocks remain non-disable-able.
• Backend stores a single global policy JSON in a new `global_settings` table and per-project sparse overrides in a new `projects.auto_safe_override` column. Live sessions hold the policy in an `ArcSwap` so edits propagate without restart.
• Renamed the per-task `TrustLevel::Normal` → `AutoSafe` (string `"normal"` → `"auto_safe"`) with a DB migration that converts existing rows. Numeric encoding unchanged so live atomics survive the rename.
• `.verun.json` import/export now round-trips an optional `autoSafeOverride` key alongside hooks.

Spec: `docs/superpowers/specs/2026-05-02-auto-safe-policy-settings-design.md`
Plan: `docs/superpowers/plans/2026-05-02-auto-safe-policy-settings.md`

Test plan

• `make check` (rust check + tests + clippy + tsc + vitest) — green
• 594 Rust tests pass; 545 frontend tests pass
• Manual end-to-end in `pnpm tauri dev`:
  • Auto-safe tab loads with seeded defaults
  • Switching Web search to `Auto-allow` lets a fresh task run `WebSearch` without prompting
  • Web fetch `Allowed domains only` with `github.com` allows `api.github.com`, prompts for `example.com`
  • Adding `npm publish` as a Bash deny pattern triggers approval; removing `rsync` lets it auto-allow
  • Per-project override of Read scope to `Anywhere on disk` is project-scoped
  • Unchecking `sudo` in a project's Bash list allows it there but still prompts elsewhere
  • Settings persist across app restart
  • Exporting + re-importing `.verun.json` round-trips `autoSafeOverride`