Update guardian output schema (#17061)

## Summary
- Update guardian output schema to separate risk, authorization,
outcome, and rationale.
- Feed guardian rationale into rejection messages.
- Split the guardian policy into template and tenant-config sections.

## Validation
- `cargo test -p codex-core mcp_tool_call`
- `env -u CODEX_SANDBOX_NETWORK_DISABLED INSTA_UPDATE=always cargo test
-p codex-core guardian::`

---------

Co-authored-by: Owen Lin <owen@openai.com>

codex-rs/app-server-protocol/src/protocol/item_builders.rs

@@ -225,8 +225,8 @@ pub fn guardian_auto_approval_review_notification(
                 GuardianApprovalReviewStatus::Aborted
             }
         },
-        risk_score: assessment.risk_score,
         risk_level: assessment.risk_level.map(Into::into),
+        user_authorization: assessment.user_authorization.map(Into::into),
         rationale: assessment.rationale.clone(),
     };
     let action = assessment.action.clone().into();