feat: add browser policy controls for CLI-first browser tool usage

[kaitranntt]

Description

Add explicit browser policy controls so users can decide how aggressively CCS-managed browser tooling is exposed to model runtimes.

Recent feedback shows that some users do not want browser tooling available by default because it can trigger unwanted browser-tool calls and unnecessary token spend.

Goals

• Add browser policy controls on the CLI surface first
• Keep the first iteration focused on runtime availability/control, not setup
• Follow with dashboard controls later after the CLI behavior is stable

Scope

Phase 1:

• CLI-first browser policy controls
• cover both Claude Browser Attach and Codex browser tooling where relevant
• make the policy explicit and user-controlled

Phase 2:

• dashboard parity for the same browser policy controls
• status/help/docs updates once the CLI contract is settled

Notes

• This is intentionally separate from PR feat: add browser setup flow for Claude attach #1050 to keep browser setup/remediation scope clean
• The core problem is control over browser tool availability/usage policy, not basic browser setup

[github-actions]

[bot] Available in 7.73.0-dev.2. Install: ccs update --dev

[kaitranntt]

🎉 This issue has been resolved in version 7.74.0 🎉

The release is available on:

• npm package (@latest)
• GitHub release