Add initialize-time server request capabilities so app-server only sends conversational permission confirmation requests to clients that advertise support.
Unsupported clients still fail closed without changing permissions, while capable clients receive the existing request/response flow for narrow grants and preset picker requests.
Add a `request_permission_preset` tool that lets the model route user
requests for sandbox or approval mode changes into the existing picker.
The picker opens with the requested preset selected and reports the final
user choice back to the active turn.
Wire the request through protocol, app-server, core, tools, and TUI
handling so accepted picker choices update the effective permissions while
Full Access still uses the existing confirmation flow.
