feat(request-permissions) approve with strict review (#19050)

## Summary
Allow the user to approve a request_permissions_tool request with the
condition that all commands in the rest of the turn are reviewed by
guardian, regardless of sandbox status.

## Testing
- [x] Added unit tests
- [x] Ran locally

codex-rs/app-server/tests/suite/v2/request_permissions.rs

@@ -99,6 +99,7 @@ async fn request_permissions_round_trip() -> Result<()> {
                 }),
             },
             scope: PermissionGrantScope::Turn,
+            strict_auto_review: None,
         })?,
     )
     .await?;