
hardening: gate plugins, add hook timeouts, and sanitize metadata#149

Open
mczabca-boop wants to merge 1 commit into TinyAGI:main from mczabca-boop:steven-pr-1

Conversation

@mczabca-boop
Collaborator

Rebased after TinyAGI/tinyclaw PR #127 merge.

This is the base PR of the stack and should be merged first.

Includes:
- plugin hardening
- hook timeout controls
- metadata sanitization

Follow-up stacked PR (continuation): mczabca-boop#1

@mczabca-boop
Collaborator Author

Changes:

  • Add explicit plugin enable gate:
    • TINYCLAW_PLUGINS_ENABLED=1 required to load plugins
  • Add timeout protection:
    • TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS (default 1500)
    • TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS (default 3000)
  • Add outgoing metadata allowlist/sanitization in queue processor:
    • currently only allows parseMode === "MarkdownV2"
  • Document trust boundary and env controls in README (Plugin Security section)

Why

#127 introduces dynamic plugin loading from local filesystem.
This PR reduces risk and blast radius by:

  • disabling plugin execution by default
  • preventing plugin hangs from blocking processing
  • preventing arbitrary metadata passthrough to channel clients
  • documenting that plugins are fully trusted local code

Testing

  • npm run -s build:main passes
  • Queue startup with plugins disabled:
    • logs Plugins disabled..., normal startup/shutdown
  • Queue startup with plugins enabled and no plugin dir:
    • logs No plugins directory found, normal startup/shutdown
  • Timeout smoke test:
    • injected a temporary plugin with slow activate()
    • observed timeout log (activate timed out ...)
    • queue still starts and continues running
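The three controls the PR describes (enable gate, hook/activate timeout, outgoing metadata allowlist), written out as an added example that is not tinyclaw's own code. The env variable names and the 1500/3000 ms defaults come from the PR text; the function names and the plugin object shape `{ name, activate }` are assumptions.

```javascript
// Added example, not tinyclaw's code. Env names and defaults are taken from PR #149;
// function names and the { name, activate } plugin shape are assumed for illustration.
const DEFAULT_HOOK_TIMEOUT_MS = 1500;
const DEFAULT_ACTIVATE_TIMEOUT_MS = 3000;

// Plugin gate: plugins load only when TINYCLAW_PLUGINS_ENABLED is exactly "1".
// Anything else ("true", "yes", unset) keeps plugin execution disabled by default.
function pluginsEnabled(env = process.env) {
  return env.TINYCLAW_PLUGINS_ENABLED === "1";
}

// Read a positive integer timeout from env; junk or unset falls back to the default.
function readTimeoutMs(env, name, fallback) {
  const n = Number.parseInt(env[name] ?? "", 10);
  return Number.isInteger(n) && n > 0 ? n : fallback;
}

// Race a hook promise against a timer. The timer is cleared afterwards so a fast
// hook does not leave a dangling handle keeping the process alive.
function withTimeout(promise, ms, label) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`${label} timed out after ${ms}ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Run a plugin's activate() under TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS. A hung or
// throwing plugin is logged and skipped; the caller (queue startup) keeps going.
async function activatePlugin(plugin, env = process.env, log = console.error) {
  const ms = readTimeoutMs(env, "TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS", DEFAULT_ACTIVATE_TIMEOUT_MS);
  try {
    await withTimeout(Promise.resolve(plugin.activate()), ms, `plugin ${plugin.name} activate`);
    return true;
  } catch (err) {
    log(`[plugins] ${err.message}; skipping ${plugin.name}`);
    return false;
  }
}

// Outgoing metadata allowlist: only parseMode === "MarkdownV2" passes through.
// Every other key a plugin attached is dropped before the channel client sees it,
// so the allowlist is a fresh object, never a filtered copy of untrusted input.
function sanitizeOutgoingMetadata(meta) {
  const out = {};
  if (meta && meta.parseMode === "MarkdownV2") out.parseMode = "MarkdownV2";
  return out;
}
```

The hook timeout (TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS, default DEFAULT_HOOK_TIMEOUT_MS) is applied the same way as activate: wrap each hook call in `withTimeout` with the value from `readTimeoutMs`.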
