feat!: harden raw browser control and packaging

- Add safe-by-default policy gates for raw command surfaces: command, script, and serve-http /command.

- Require explicit opt-ins for page reads, browser control, and high-risk commands such as dom.eval, storage.*, and screenshots.

- Remove all cookies support from CLI, SDK, extension commands, permissions, constants, docs, and tests.

- Add diagnostic, events, watch, workspace, remote, raw command, script, HTTP gateway, tree-view, session import/export, and extension info/capability commands.

- Add Chrome Web Store packaging that strips manifest.key while keeping local packages with a stable native-messaging extension ID.

- Bump browser-cli and extension version to 0.14.1 and cover the new behavior with pytest and extension packaging tests.

BREAKING CHANGE: cookies commands and the b.cookies SDK namespace have been removed; generic raw command execution now blocks non-safe commands unless explicitly allowed.

tests/test_commands_cli.py

@@ -168,70 +168,6 @@ def test_cli_dom_poll():
     assert result.exit_code == 0
     assert "Matched" in result.output
 
-# ---------------------------------------------------------------------------
-# cookies commands
-# ---------------------------------------------------------------------------
-
-from browser_cli.commands.cookies import cookies_group
-
-def test_cli_cookies_list_empty():
-    result = _run(cookies_group, ["list"], [])
-    assert result.exit_code == 0
-    assert "No cookies found" in result.output
-
-def test_cli_cookies_list_with_cookies():
-    cookies = [{"name": "session", "value": "abc123", "domain": "example.com",
-                "path": "/", "secure": True, "httpOnly": False}]
-    result = _run(cookies_group, ["list"], cookies)
-    assert result.exit_code == 0
-    assert "session" in result.output
-    assert "example.com" in result.output
-
-def test_cli_cookies_list_filter_url():
-    cookies = [{"name": "x", "value": "y", "domain": "example.com",
-                "path": "/", "secure": False, "httpOnly": False}]
-    result = _run(cookies_group, ["list", "--url", "https://example.com"], cookies)
-    assert result.exit_code == 0
-    assert "example.com" in result.output
-
-def test_cli_cookies_list_filter_domain():
-    cookies = [{"name": "x", "value": "y", "domain": "example.com",
-                "path": "/", "secure": False, "httpOnly": False}]
-    result = _run(cookies_group, ["list", "--domain", "example.com"], cookies)
-    assert result.exit_code == 0
-
-def test_cli_cookies_list_filter_name():
-    cookies = [{"name": "session", "value": "abc", "domain": "example.com",
-                "path": "/", "secure": False, "httpOnly": True}]
-    result = _run(cookies_group, ["list", "--name", "session"], cookies)
-    assert result.exit_code == 0
-    assert "session" in result.output
-
-def test_cli_cookies_get_found():
-    cookie = {"name": "tok", "value": "secret123", "domain": "example.com", "path": "/"}
-    result = _run(cookies_group, ["get", "https://example.com", "tok"], cookie)
-    assert result.exit_code == 0
-    assert "secret123" in result.output
-
-def test_cli_cookies_get_not_found():
-    result = _run(cookies_group, ["get", "https://example.com", "missing"], None)
-    assert result.exit_code != 0
-    assert "not found" in result.output
-
-def test_cli_cookies_set():
-    result = _run(cookies_group, ["set", "https://example.com", "tok", "val"], None)
-    assert result.exit_code == 0
-    assert "Set cookie" in result.output
-
-def test_cli_cookies_set_with_options():
-    result = _run(cookies_group, [
-        "set", "https://example.com", "tok", "val",
-        "--secure", "--http-only", "--path", "/app",
-        "--same-site", "lax",
-    ], None)
-    assert result.exit_code == 0
-    assert "Set cookie" in result.output
-
 # ---------------------------------------------------------------------------
 # page commands
 # ---------------------------------------------------------------------------