feat!: harden raw browser control and packaging

- Add safe-by-default policy gates for raw command surfaces: command, script, and serve-http /command.

- Require explicit opt-ins for page reads, browser control, and high-risk commands such as dom.eval, storage.*, and screenshots.

- Remove all cookies support from CLI, SDK, extension commands, permissions, constants, docs, and tests.

- Add diagnostic, events, watch, workspace, remote, raw command, script, HTTP gateway, tree-view, session import/export, and extension info/capability commands.

- Add Chrome Web Store packaging that strips manifest.key while keeping local packages with a stable native-messaging extension ID.

- Bump browser-cli and extension version to 0.14.1 and cover the new behavior with pytest and extension packaging tests.

BREAKING CHANGE: cookies commands and the b.cookies SDK namespace have been removed; generic raw command execution now blocks non-safe commands unless explicitly allowed.

browser_cli/__init__.py

@@ -29,7 +29,6 @@ Commands are grouped into namespaces on the client:
   b.extract  content extraction (links, images, text, json, markdown)
   b.page     page info
   b.storage  localStorage / sessionStorage
-  b.cookies  cookies (list, get, set)
   b.session  sessions (save, load, list, diff, ...)
   b.perf     performance profile + background jobs
   b.extension  control the extension itself
@@ -41,7 +40,6 @@ from browser_cli.client import active_browser_targets, remote_browser_targets, s
 from browser_cli.errors import BrowserNotConnected
 from browser_cli.models import BrowserCounts, Group, Tab
 from browser_cli.sdk import (
-  CookiesNS,
   DecoratorsNS,
   DomNS,
   ExtensionNS,
@@ -85,7 +83,6 @@ class BrowserCLI(FactoryMixin, RoutingMixin):
   extract: ExtractNS
   page: PageNS
   storage: StorageNS
-  cookies: CookiesNS
   session: SessionNS
   perf: PerfNS
   extension: ExtensionNS