permissions: remove macOS seatbelt extension profiles

[bolinfest]

Why

PermissionProfile should only describe the per-command permissions we still want to grant dynamically. Keeping MacOsSeatbeltProfileExtensions in that surface forced extra macOS-only approval, protocol, schema, and TUI branches for a capability we no longer want to expose.

What changed

• Removed the macOS-specific permission-profile types from codex-protocol, the app-server v2 API, and the generated schema/TypeScript artifacts.
• Deleted the core and sandboxing plumbing that threaded MacOsSeatbeltProfileExtensions through execution requests and seatbelt construction.
• Simplified macOS seatbelt generation so it always includes the fixed read-only preferences allowlist instead of carrying a configurable profile extension.
• Removed the macOS additional-permissions UI/docs/test coverage and deleted the obsolete macOS permission modules.
• Tightened request_permissions intersection handling so explicitly empty requested read lists are preserved only when that field was actually granted, avoiding zero-grant responses being stored as active permissions.

[celia-oai]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[celia-oai]

let's just include this as part of MACOS_SEATBELT_BASE_POLICY?

[bolinfest]

addressing in follow-up #15931