feat: harden remote serve and reuse connections

- Gate TCP serve commands with safe-by-default policies, per-key allow tokens, per-key rate limiting, and audit labels.
- Reuse authenticated encrypted remote sessions and parallelize/caches multi-browser fanout to reduce repeated handshake roundtrips.
- Increase paged native-host batch size with extension-side byte budgeting to speed large tab listings safely.
- Point install output at public Chrome Web Store / Firefox AMO listings by default, with --dev preserving unpacked workflows.
- Share search-engine metadata between CLI and SDK and bump the package/extension version to 0.16.0.
- Cover the new security, pooling, paging, install, and fanout behavior with expanded Python and extension tests.

browser_cli/auth/__init__.py

@@ -17,9 +17,11 @@ from browser_cli.auth.agent import (
 )
 from browser_cli.auth.keys import (
   add_authorized_key,
+  format_authorized_line,
   generate_keypair,
   load_authorized_keys,
   load_authorized_keys_with_names,
+  load_authorized_keys_with_policies,
   load_private_key,
   public_key_hex,
 )
@@ -51,9 +53,11 @@ __all__ = [
   "agent_list_keys",
   "agent_sign_raw",
   "canonical_payload",
+  "format_authorized_line",
   "generate_keypair",
   "load_authorized_keys",
   "load_authorized_keys_with_names",
+  "load_authorized_keys_with_policies",
   "load_private_key",
   "new_nonce",
   "pq_decrypt",