Add request permissions tool (#13092)

Adds a built-in `request_permissions` tool and wires it through the
Codex core, protocol, and app-server layers so a running turn can ask
the client for additional permissions instead of relying on a static
session policy.

The new flow emits a `RequestPermissions` event from core, tracks the
pending request by call ID, forwards it through app-server v2 as an
`item/permissions/requestApproval` request, and resumes the tool call
once the client returns an approved subset of the requested permission
profile.

codex-rs/app-server/tests/common/lib.rs

@@ -29,6 +29,7 @@ pub use models_cache::write_models_cache_with_models;
 pub use responses::create_apply_patch_sse_response;
 pub use responses::create_exec_command_sse_response;
 pub use responses::create_final_assistant_message_sse_response;
+pub use responses::create_request_permissions_sse_response;
 pub use responses::create_request_user_input_sse_response;
 pub use responses::create_shell_command_sse_response;
 pub use rollout::create_fake_rollout;

codex-rs/app-server/tests/common/responses.rs

@@ -83,3 +83,23 @@ pub fn create_request_user_input_sse_response(call_id: &str) -> anyhow::Result<S
         responses::ev_completed("resp-1"),
     ]))
 }
+
+pub fn create_request_permissions_sse_response(call_id: &str) -> anyhow::Result<String> {
+    let tool_call_arguments = serde_json::to_string(&json!({
+        "reason": "Select a workspace root",
+        "permissions": {
+            "file_system": {
+                "write": [
+                    ".",
+                    "../shared"
+                ]
+            }
+        }
+    }))?;
+
+    Ok(responses::sse(vec![
+        responses::ev_response_created("resp-1"),
+        responses::ev_function_call(call_id, "request_permissions", &tool_call_arguments),
+        responses::ev_completed("resp-1"),
+    ]))
+}