feat(app-server): gate permission confirmations by capability

Add initialize-time server request capabilities so app-server only sends conversational permission confirmation requests to clients that advertise support.

Unsupported clients still fail closed without changing permissions, while capable clients receive the existing request/response flow for narrow grants and preset picker requests.

codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json

@@ -72,6 +72,7 @@
       "type": "string"
     }
   },
+  "description": "Response from an app client after the narrow permission grant UI resolves.\n\nReturning an empty permission profile is a denial. Returning a non-empty profile grants only those permissions, and core applies them for the specified scope.",
   "properties": {
     "permissions": {
       "$ref": "#/definitions/GrantedPermissionProfile"