guardian initial feedback / tweaks (#13897)

## Summary
- remove the remaining model-visible guardian-specific `on-request`
prompt additions so enabling the feature does not change the main
approval-policy instructions
- neutralize user-facing guardian wording to talk about automatic
approval review / approval requests rather than a second reviewer or
only sandbox escalations
- tighten guardian retry-context handling so agent-authored
`justification` stays in the structured action JSON and is not also
injected as raw retry context
- simplify guardian review plumbing in core by deleting dead
prompt-append paths and trimming some request/transcript setup code

## Notable Changes
- delete the dead `permissions/approval_policy/guardian.md` append path
and stop threading `guardian_approval_enabled` through model-facing
developer-instruction builders
- rename the experimental feature copy to `Automatic approval review`
and update the `/experimental` snapshot text accordingly
- make approval-review status strings generic across shell, patch,
network, and MCP review types
- forward real sandbox/network retry reasons for shell and unified-exec
guardian review, but do not pass agent-authored justification as raw
retry context
- simplify `guardian.rs` by removing the one-field request wrapper,
deduping reasoning-effort selection, and cleaning up transcript entry
collection

## Testing
- `just fmt`
- full validation left to CI

---------

Co-authored-by: Codex <noreply@openai.com>
Charley Cunningham
2026-03-09 09:25:24 -07:00
committed by GitHub
parent 2bc3e52a91
commit f23fcd6ced
16 changed files with 421 additions and 352 deletions


@@ -11,8 +11,9 @@ expression: popup
[ ] Multi-agents Ask Codex to spawn multiple agents to parallelize the work and win in efficiency.
[ ] Apps Use a connected ChatGPT App using "$". Install Apps via /apps command. Restart
Codex after enabling.
[ ] Guardian approvals Let a guardian subagent review `on-request` approval prompts instead of showing
them to you, including sandbox escapes and blocked network access.
[ ] Automatic approval review Dispatch `on-request` approval prompts (for e.g. sandbox escapes or blocked network
access) to a carefully-prompted security reviewer subagent rather than blocking the
agent on your input.
[ ] Prevent sleep while running Keep your computer awake while Codex is running a thread.
Press space to select or enter to save for next conversation
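
Review bot: The new `Automatic approval review` description no longer tells the user that approval prompts stop being shown to them. The removed text said "instead of showing them to you", while the replacement only says "rather than blocking the agent on your input". Because this toggle covers sandbox escapes and blocked network access, the copy should state plainly that those requests are decided without the user's confirmation. The phrase "carefully-prompted security reviewer subagent" also still describes a second reviewer, which the commit summary says the user-facing wording was meant to move away from, and "carefully-prompted" is an assurance the popup cannot substantiate. Wording along the lines of "reviewed automatically instead of being shown to you" would address both.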


@@ -12,8 +12,9 @@ expression: popup
[ ] Multi-agents Ask Codex to spawn multiple agents to parallelize the work and win in efficiency.
[ ] Apps Use a connected ChatGPT App using "$". Install Apps via /apps command. Restart
Codex after enabling.
[ ] Guardian approvals Let a guardian subagent review `on-request` approval prompts instead of showing
them to you, including sandbox escapes and blocked network access.
[ ] Automatic approval review Dispatch `on-request` approval prompts (for e.g. sandbox escapes or blocked network
access) to a carefully-prompted security reviewer subagent rather than blocking the
agent on your input.
[ ] Prevent sleep while running Keep your computer awake while Codex is running a thread.
Press space to select or enter to save for next conversation
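
Review bot: "for e.g." in the new `Automatic approval review` description is redundant; use either "e.g." or "for example". The entry also grows from two wrapped lines to three here (the hunk goes from 8 to 9 lines), which makes it the longest item in the popup, so shortening the parenthetical would keep it consistent with the neighbouring entries. This snapshot carries the same string as the other one, so any wording change should be made once in the feature description and both snapshots regenerated.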