feat(core) Introduce Feature::RequestPermissions (#11871)

## Summary
Introduces the initial implementation of Feature::RequestPermissions.
RequestPermissions allows the model to request that a command be run
inside the sandbox, with additional permissions, like writing to a
specific folder. Eventually this will include other rules as well, and
the ability to persist these permissions, but this PR is already quite
large - let's get the core flow working and go from there!

<img width="1279" height="541" alt="Screenshot 2026-02-15 at 2 26 22 PM"
src="https://github.com/user-attachments/assets/0ee3ec0f-02ec-4509-91a2-809ac80be368"
/>

## Testing
- [x] Added tests
- [x] Tested locally
- [x] Feature

codex-rs/core/src/context_manager/updates.rs

@@ -1,5 +1,6 @@
 use crate::codex::TurnContext;
 use crate::environment_context::EnvironmentContext;
+use crate::features::Feature;
 use crate::shell::Shell;
 use codex_execpolicy::Policy;
 use codex_protocol::config_types::Personality;
@@ -43,6 +44,7 @@ fn build_permissions_update_item(
             next.approval_policy.value(),
             exec_policy,
             &next.cwd,
+            next.features.enabled(Feature::RequestPermissions),
         )
         .into(),
     )