
Block direct exec tool for Octo #100

Merged
pmbstyle merged 1 commit into main from codex/propose-fix-for-critical-exec-vulnerability
May 17, 2026

Conversation

@pmbstyle
Owner

Motivation

  • Prevent the Octo runtime from exposing and executing the exec_run shell tool directly as part of its active tool set to reduce risk of arbitrary host command execution.
  • Ensure CLI tool-resolution diagnostics reflect the same denylist so administrators see accurate availability and blocked reasons.
  • Add regression coverage to prevent accidental re-exposure of exec_run in Octo's active tool set.

Description

  • Add a new policy step octo.direct_exec_denylist that denies exec_run to _get_octo_tools in src/octopal/runtime/octo/router.py so exec_run is removed from Octo's available tools by default.
  • Apply the same octo.direct_exec_denylist to CLI resolution via _octo_tool_policy_steps in src/octopal/cli/main.py to keep the CLI snapshot consistent with runtime policy.
  • Update tests in tests/test_octo_tool_loop.py, tests/test_router_tool_budget.py, and tests/test_cli_tools_resolve.py to assert exec_run is not present in Octo active tools and that attempted exec_run calls return a policy block.

Testing

  • Ran lint fixes and checks with uv run ruff check ... which passed after an automated import reordering fix.
  • Executed targeted tests with PYTHONPATH="src:.venv/lib/python3.14/site-packages" pytest ... for the modified tests and observed the targeted suite pass (4 passed, 20 warnings).
  • Verified bytecode compilation with uv run python -m compileall src/octopal ... which completed successfully.
  • Attempted full dev dependency sync with uv sync --extra dev and uv pip install pytest pytest-asyncio, but these failed due to PyPI tunnel/network errors in the environment and did not block the targeted validations.

Codex Task

@pmbstyle pmbstyle self-assigned this May 17, 2026
@pmbstyle pmbstyle merged commit 1188ed8 into main May 17, 2026
4 checks passed
@pmbstyle pmbstyle deleted the codex/propose-fix-for-critical-exec-vulnerability branch May 17, 2026 12:11
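
The design described in this PR, sketched as an added example (not code from the Octopal repository): one policy-step list feeds both the active tool set and the diagnostic snapshot, and dispatch re-checks it so a call to a tool that was never offered still returns a policy block. Only `exec_run` and `octo.direct_exec_denylist` come from the PR text; `PolicyStep`, `octo_policy_steps`, `resolve_tools`, `dispatch` and the sample tools are hypothetical.

```python
from dataclasses import dataclass

# Names taken from the PR text: the tool "exec_run" and the step id
# "octo.direct_exec_denylist". Everything else here is hypothetical.
DIRECT_EXEC_DENYLIST = frozenset({"exec_run"})


@dataclass(frozen=True)
class PolicyStep:
    step_id: str
    denied: frozenset


def octo_policy_steps():
    """Single source of truth, shared by the runtime and the CLI snapshot."""
    return [PolicyStep("octo.direct_exec_denylist", DIRECT_EXEC_DENYLIST)]


def resolve_tools(registered, steps):
    """Return (active, blocked); blocked maps tool name -> blocking step id."""
    active, blocked = [], {}
    for name in registered:
        hit = next((s.step_id for s in steps if name in s.denied), None)
        if hit is None:
            active.append(name)
        else:
            blocked[name] = hit
    return active, blocked


def dispatch(name, handlers, steps):
    """Re-check policy at call time: a model can emit a tool it was never offered."""
    active, blocked = resolve_tools(handlers, steps)
    if name in blocked:
        return {"ok": False, "error": "policy_block", "step": blocked[name]}
    if name not in active:
        return {"ok": False, "error": "unknown_tool"}
    return {"ok": True, "result": handlers[name]()}


# Constructed sample registry; the handlers are stand-ins that run nothing.
SAMPLE_HANDLERS = {
    "fs_read": lambda: "file contents",
    "exec_run": lambda: "would have run a shell command",
    "web_fetch": lambda: "page body",
}
```

Because the runtime and the diagnostic path both call `octo_policy_steps()`, the blocked reason an administrator sees cannot drift from what the runtime enforces.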