fix(core): gate project .opencode tools behind permission prompts

[gula00]

Issue for this PR

Closes #7163

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

This PR adds a permission gate before loading project .opencode tools.

Before this change, tool files under project .opencode/tool(s) could be imported during tool registry initialization. Since those files are executable code, this could run untrusted project code too early.

Now, project .opencode tool loading goes through PermissionNext.ask first (permission name: .opencode).

If permission is denied, project tools are skipped.

If allowed, loading continues as before.

I kept this change minimal:

• packages/opencode/src/tool/registry.ts
• packages/opencode/src/session/prompt.ts (passes sessionID so the ask flows through existing session permissions)

How did you verify your code works?

• Ran:
  • bun run --cwd packages/opencode --conditions=browser src/index.ts run "ping" --print-logs --log-level DEBUG
• Verified in logs:
  • .opencode permission request is emitted
  • when auto-rejected in run mode, project custom tools are skipped
  • core tools still load and command completes (pong)

Screenshots / recordings

N/A (no UI change)

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

[github-actions]

Thanks for updating your PR! It now meets our contributing guidelines. 👍