fix: backport remaining security and runtime hardening updates

[bitifirefly]

Summary

This PR completes the remaining high-value upstream backports in one batch.

1) Filesystem path-boundary security

• replace startswith() path boundary checks with Path.relative_to()
• add regression test for the workspace vs workspace_evil bypass shape

2) Exec tool hardening + config enhancement

• add tools.exec.pathAppend (default empty)
• pass pathAppend through AgentLoop and SubagentManager into ExecTool
• append extra PATH entries with os.pathsep for subprocess execution
• strengthen workspace guard path extraction for:
  • full Windows absolute paths
  • ~ home paths
  • quoted absolute/home paths
• add coverage for path extraction, home-path blocking, and pathAppend behavior

3) Allowlist/auth hardening

• remove generic token-splitting (sender_id.split("|")) from BaseChannel.is_allowed
• keep Telegram backward compatibility by allowing id|username matching only inside Telegram with strict shape checks
• add base-channel and Telegram allowlist regression tests

4) Email dedupe stability improvement

• replace "clear all" UID dedupe reset with oldest-entry eviction down to half capacity
• add targeted unit test for eviction behavior

Validation

• ruff check ... (touched files)
• pytest -q tests/test_base_channel.py tests/test_tool_validation.py tests/test_exec_security.py tests/test_filesystem_tools_workspace.py tests/test_telegram_send_reply.py tests/test_email_channel.py tests/test_tool_domain_manager.py
• pytest -q (full suite)

Result: 417 passed, 5 warnings