feat!: harden raw browser control and packaging

- Add safe-by-default policy gates for raw command surfaces: command, script, and serve-http /command.

- Require explicit opt-ins for page reads, browser control, and high-risk commands such as dom.eval, storage.*, and screenshots.

- Remove all cookies support from CLI, SDK, extension commands, permissions, constants, docs, and tests.

- Add diagnostic, events, watch, workspace, remote, raw command, script, HTTP gateway, tree-view, session import/export, and extension info/capability commands.

- Add Chrome Web Store packaging that strips manifest.key while keeping local packages with a stable native-messaging extension ID.

- Bump browser-cli and extension version to 0.14.1 and cover the new behavior with pytest and extension packaging tests.

BREAKING CHANGE: cookies commands and the b.cookies SDK namespace have been removed; generic raw command execution now blocks non-safe commands unless explicitly allowed.

extension/src/commands/extension.ts

@@ -8,5 +8,36 @@ export class ExtensionCommands extends CommandGroup {
       setTimeout(() => chrome.runtime.reload(), 200);
       return { reloading: true };
     },
+    "extension.info": () => this.extensionInfo(),
+    "extension.capabilities": () => this.capabilities(),
   };
+
+  private capabilities() {
+    return [
+      "extension.info",
+      "extension.capabilities",
+      "navigate.open.focus",
+      "navigate.open.background",
+      "tabs.close.tabIds",
+      "tabs.merge_windows.audibleAware",
+      "session.export",
+      "session.import",
+      "jobs.progress",
+      "jobs.cancel",
+      "content-dispatch.bundle",
+    ];
+  }
+
+  private extensionInfo() {
+    const manifest = chrome.runtime.getManifest();
+    return {
+      id: chrome.runtime.id,
+      name: manifest.name,
+      version: manifest.version,
+      manifestVersion: manifest.manifest_version,
+      browser: navigator.userAgent,
+      platform: navigator.platform,
+      capabilities: this.capabilities(),
+    };
+  }
 }