refactor: migrate Tool Permissions from Settings to /settings/tools

- Remove Tool Permissions form from settings.html; replace with a
  "Tool Settings →" link that redirects to /settings/tools
- Add Confirmation Gate section to tools_settings.html (allow/deny
  textareas) inside the same form as risk policy — one save covers all
- tools_settings.py save handler now writes allow/deny alongside
  max_risk/whitelist/blacklist into tool_policy.json
- Remove /settings/tool-policy POST route from settings.py (no longer needed)
- Remove get_tool_policy, save_tool_policy, CONFIRM_REQUIRED imports
  from settings.py (now owned by tools_settings.py)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/static/tools_settings.html

@@ -191,6 +191,41 @@
     <!-- ── Tool table ── -->
 {{ tool_table_html }}
 
+    <!-- ── Confirmation gate ── -->
+    <div class="policy-card" style="margin-top:1.75rem;">
+      <h2>Confirmation Gate</h2>
+      <p class="policy-note" style="margin-bottom:0.85rem;">
+        Some tools require explicit confirmation before executing. Override the defaults here.<br>
+        Tools requiring confirmation by default: <code style="font-size:0.78rem;">{{ confirm_required_tools }}</code>
+      </p>
+      <div class="policy-row" style="align-items:flex-start; gap:1.5rem; flex-wrap:wrap;">
+        <div style="flex:1; min-width:200px;">
+          <label style="display:block; font-size:0.8rem; font-weight:600; margin-bottom:0.35rem;">
+            Allow list — bypass confirmation
+          </label>
+          <textarea name="allow_list" rows="4"
+                    placeholder="reminders_clear&#10;cron_remove"
+                    autocomplete="off" spellcheck="false"
+                    style="width:100%; background:var(--pg-bg); border:1px solid var(--pg-border);
+                           border-radius:0.375rem; color:var(--pg-text); padding:0.45rem 0.65rem;
+                           font-size:0.82rem; font-family:monospace; resize:vertical;">{{ tool_allow }}</textarea>
+          <p class="policy-note">One tool name per line. These tools skip the confirmation prompt.</p>
+        </div>
+        <div style="flex:1; min-width:200px;">
+          <label style="display:block; font-size:0.8rem; font-weight:600; margin-bottom:0.35rem;">
+            Deny list — always block
+          </label>
+          <textarea name="deny_list" rows="4"
+                    placeholder="shell_exec&#10;file_write"
+                    autocomplete="off" spellcheck="false"
+                    style="width:100%; background:var(--pg-bg); border:1px solid var(--pg-border);
+                           border-radius:0.375rem; color:var(--pg-text); padding:0.45rem 0.65rem;
+                           font-size:0.82rem; font-family:monospace; resize:vertical;">{{ tool_deny }}</textarea>
+          <p class="policy-note">These tools are always blocked regardless of risk policy.</p>
+        </div>
+      </div>
+    </div>
+
     <div style="margin-top:1.5rem;">
       <button type="submit" class="save-btn">Save tool settings</button>
     </div>