refactor: 收口 workflow caller credential 与 typed tool request

[jason-aelf]

Summary

• 收口 workflow caller credential：用强类型 WorkflowCallerCredential 替代旧的 connector_http_authorization 字符串/connector runtime context，并在 proto、application request、run execution context 与 actor state 中统一承载。
• 将 direct workflow tool_call 执行切到 WorkflowToolExecutionRequest，显式携带 runId、stepId、executionId、callId、scopeId 与 caller credential，避免工具执行走丢失上下文的 plain path。
• 保持边界职责清晰：Capability API 入口只提取 caller bearer，connector 边界按需重建 Bearer header，Workflow.Integration.AI 边界再映射为 AgentToolExecutionContext，并在 committed state redaction 中清空敏感凭据。
• 收紧 tool approval 链路：抽出 ToolCallMiddlewareChainFactory 保证 approval middleware 位于工具中间件链首位，并为 denied / timeout / pending / middleware termination 提供 ToolCallTerminationKind typed status。
• 更新 scope/service/workflow/capability API、LLM/tool 模块与相关测试，覆盖 caller credential 传播、tool request 上下文、approval 终止状态、ScopeId 桥接和 endpoint 行为。

Test plan

• gh pr checks 1728
• GitHub checks passing: changes, fast-gates, host-composition-smoke, projection-provider-e2e, slow-test-guards, coverage-quality, codecov/patch
• Not run locally in this session.

[codecov]

Codecov Report

❌ Patch coverage is 95.19774% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.17%. Comparing base (d73dd6c) to head (cd15a7c).
⚠️ Report is 35 commits behind head on dev.

Files with missing lines	Patch %	Lines
...ow/Aevatar.Workflow.Core/Modules/ToolCallModule.cs	88.88%	0 Missing and 4 partials ⚠️
...flow.Infrastructure/CapabilityApi/ChatEndpoints.cs	66.66%	0 Missing and 3 partials ⚠️
...Service.Hosting/Endpoints/ScopeServiceEndpoints.cs	92.00%	0 Missing and 2 partials ⚠️
...on/WorkflowCallerCredentialRuntimeContextAccess.cs	94.59%	0 Missing and 2 partials ⚠️
...xecution/WorkflowRunExecutionContextStateAccess.cs	90.00%	0 Missing and 2 partials ⚠️
...orkflow/Aevatar.Workflow.Core/WorkflowRunGAgent.cs	85.71%	0 Missing and 2 partials ⚠️
...ervice.Hosting/Endpoints/ScopeWorkflowEndpoints.cs	92.85%	0 Missing and 1 partial ⚠️
...vatar.Workflow.Core/Modules/ConnectorCallModule.cs	80.00%	0 Missing and 1 partial ⚠️

@@            Coverage Diff             @@
##              dev    #1728      +/-   ##
==========================================
+ Coverage   84.06%   84.17%   +0.11%     
==========================================
  Files        1028     1050      +22     
  Lines       68513    70848    +2335     
  Branches     8885     9158     +273     
==========================================
+ Hits        57593    59639    +2046     
- Misses       7032     7192     +160     
- Partials     3888     4017     +129     

Flag	Coverage Δ
ci	84.17% <95.19%> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
....AI.Abstractions/Middleware/IToolCallMiddleware.cs	100.00% <100.00%> (ø)
src/Aevatar.AI.Core/AIGAgentBase.cs	82.64% <100.00%> (+0.31%)	⬆️
...vatar.AI.Core/Middleware/ToolApprovalMiddleware.cs	95.49% <100.00%> (+3.26%)	⬆️
....Core/Middleware/ToolCallMiddlewareChainFactory.cs	100.00% <100.00%> (ø)
...strap.Extensions.AI/ServiceCollectionExtensions.cs	85.38% <ø> (ø)
...bstractions/Execution/IWorkflowExecutionContext.cs	50.00% <100.00%> (+16.66%)	⬆️
...low.Abstractions/WorkflowCallerCredentialTokens.cs	100.00% <100.00%> (ø)
...ication.Abstractions/Runs/WorkflowChatRunModels.cs	94.62% <100.00%> (+0.05%)	⬆️
...ication/Runs/WorkflowChatRequestEnvelopeFactory.cs	90.32% <100.00%> (+1.03%)	⬆️
...lication/Runs/WorkflowChatRunInteractionService.cs	91.33% <100.00%> (+0.13%)	⬆️
... and 21 more

... and 32 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.