feat: Phase 6.2 宿主机安全操控 — 沙箱执行 + 文件系统隔离 + 进程管理

- host.Sandbox: 命令白名单 + 目录限制 + 超时控制 + 环境变量过滤
- host.Manager: 文件读写列表 + 系统信息查询 + 路径验证
- 3个新工具: host_exec (沙箱命令执行), host_file (文件操作), host_system (系统信息)
- 后台思考器自主工具策略已更新，允许安全使用主机工具
- host_exec 标记为高风险工具，受频率限制

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend/ai-core/internal/background/thinker.go

@@ -131,10 +131,14 @@ type AutonomousToolPolicy struct {
 // DefaultAutonomousToolPolicy 默认安全策略
 func DefaultAutonomousToolPolicy() *AutonomousToolPolicy {
 	return &AutonomousToolPolicy{
-		AllowedTools:         []string{"iot_query", "iot_control", "memory_search", "web_search", "calculator", "datetime", "web_fetch"},
+		AllowedTools: []string{
+			"iot_query", "iot_control", "memory_search", "web_search",
+			"calculator", "datetime", "web_fetch",
+			"host_exec", "host_file", "host_system",
+		},
 		MaxToolCallsPerRound: 5,
 		MaxHighRiskPerHour:   10,
-		HighRiskTools:        []string{"iot_control"},
+		HighRiskTools:        []string{"iot_control", "host_exec"},
 	}
 }