fix: Revert danger-full-access denylist-only mode (#17732)

## Summary

- Reverts openai/codex#16946 and removes the danger-full-access
denylist-only network mode.
- Removes the corresponding config requirements, app-server
protocol/schema, config API, TUI debug output, and network proxy
behavior.
- Drops stale tests that depended on the reverted mode while preserving
newer managed allowlist-only coverage.

## Verification

- `just write-app-server-schema`
- `just fmt`
- `cargo test -p codex-config network_requirements`
- `cargo test -p codex-core network_proxy_spec`
- `cargo test -p codex-core
managed_network_proxy_decider_survives_full_access_start`
- `cargo test -p codex-app-server map_requirements_toml_to_api`
- `cargo test -p codex-tui debug_config_output`
- `cargo test -p codex-app-server-protocol`
- `just fix -p codex-config -p codex-core -p codex-app-server-protocol
-p codex-app-server -p codex-tui`
- `git diff --cached --check`

Not run: full workspace `cargo test` (repo instructions ask for
confirmation before that broader run).

codex-rs/core/tests/suite/pending_input.rs

@@ -157,6 +157,14 @@ async fn submit_queue_only_agent_mail(codex: &CodexThread, text: &str) {
         })
         .await
         .unwrap_or_else(|err| panic!("submit queue-only agent mail: {err}"));
+    codex
+        .submit(Op::ListMcpTools)
+        .await
+        .unwrap_or_else(|err| panic!("submit list-mcp-tools barrier: {err}"));
+    wait_for_event(codex, |event| {
+        matches!(event, EventMsg::McpListToolsResponse(_))
+    })
+    .await;
 }
 
 async fn wait_for_reasoning_item_started(codex: &CodexThread) {