[codex] Harden account storage and web access #73

Open
HongjieS wants to merge 4 commits into Lampese:main from HongjieS:codex/security-hardening
Conversation

@HongjieS


Summary

  • Default browser dashboard binding to localhost and require a session token when binding to non-loopback hosts.
  • Encrypt local account storage with an OS credential-store-backed key, while still reading legacy plaintext stores for migration on next save.
  • Replace the hardcoded full-backup passphrase with user-provided passphrases for export/import.
  • Add a restrictive Tauri CSP and update vulnerable frontend dependencies through pnpm workspace overrides.
  • Add a cross-platform Node Tauri wrapper so pnpm tauri ... does not require POSIX sh on Windows.

Security Notes

  • Non-local browser mode now prints a tokenized URL unless CODEX_SWITCHER_WEB_TOKEN is provided.
  • Full .cswf backups now require a minimum 12-character passphrase and no longer use a repository-committed secret.
  • Existing plaintext accounts.json files continue to load; subsequent saves write the encrypted format.

Verification

  • cargo test
  • pnpm build
  • pnpm audit --audit-level moderate
  • pnpm tauri --version
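
The first Summary bullet and the first Security Note describe a bind policy: loopback by default, and a session token gating every request once the dashboard is bound to a non-loopback host, with a tokenized URL printed only when no CODEX_SWITCHER_WEB_TOKEN was supplied. The following is an added, std-only Rust illustration of that policy written for this page; it is not code from the pull request or from the repository. The `mint_token` closure stands in for a CSPRNG-backed token generator, the `?token=` query parameter and `Authorization: Bearer` transport, the URL shape of the startup line, and all function names are assumptions, and 192.0.2.10 is a constructed documentation address.

```rust
use std::env;
use std::net::{IpAddr, SocketAddr};

/// How the dashboard listener may be started.
#[derive(Debug, PartialEq)]
pub enum BindPolicy {
    /// Loopback bind: only local processes can reach it, so no token is required.
    Open(SocketAddr),
    /// Non-loopback bind: every request must present this session token.
    /// `generated` records whether the token was minted here (and so must be
    /// shown to the operator) or supplied via CODEX_SWITCHER_WEB_TOKEN.
    TokenRequired { addr: SocketAddr, token: String, generated: bool },
}

/// Decide the bind policy. `env_token` is the value of CODEX_SWITCHER_WEB_TOKEN, if any;
/// `mint_token` stands in for a CSPRNG-backed generator (an assumption of this example)
/// and is only invoked when a non-loopback bind has no operator-supplied token.
pub fn bind_policy(
    host: IpAddr,
    port: u16,
    env_token: Option<String>,
    mint_token: impl FnOnce() -> String,
) -> BindPolicy {
    let addr = SocketAddr::new(host, port);
    if host.is_loopback() {
        return BindPolicy::Open(addr);
    }
    match env_token.filter(|t| !t.trim().is_empty()) {
        Some(token) => BindPolicy::TokenRequired { addr, token, generated: false },
        None => BindPolicy::TokenRequired { addr, token: mint_token(), generated: true },
    }
}

/// Same decision, reading CODEX_SWITCHER_WEB_TOKEN from the process environment.
pub fn bind_policy_from_env(host: IpAddr, port: u16, mint_token: impl FnOnce() -> String) -> BindPolicy {
    bind_policy(host, port, env::var("CODEX_SWITCHER_WEB_TOKEN").ok(), mint_token)
}

/// The startup line shown to the operator. Only a minted token is echoed in the URL;
/// a token the operator supplied themselves is not repeated (URL shape is assumed).
pub fn startup_message(policy: &BindPolicy) -> String {
    match policy {
        BindPolicy::Open(addr) => format!("dashboard listening on http://{addr}/"),
        BindPolicy::TokenRequired { addr, token, generated: true } => {
            format!("dashboard listening on http://{addr}/?token={token}")
        }
        BindPolicy::TokenRequired { addr, .. } => {
            format!("dashboard listening on http://{addr}/ (token from CODEX_SWITCHER_WEB_TOKEN)")
        }
    }
}

/// Length check, then XOR-accumulate over every byte so a mismatch does not reveal
/// how many leading bytes agreed.
pub fn token_matches(expected: &str, presented: &str) -> bool {
    let (a, b) = (expected.as_bytes(), presented.as_bytes());
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Pull `token=` out of a raw query string such as `page=1&token=abc`.
fn query_token(query: &str) -> Option<&str> {
    query.split('&').find_map(|kv| kv.strip_prefix("token="))
}

/// Per-request check: a loopback bind admits everything; a non-loopback bind admits a
/// request only if its bearer credential or `token` query parameter matches the session token.
pub fn authorize(policy: &BindPolicy, bearer: Option<&str>, query: Option<&str>) -> bool {
    match policy {
        BindPolicy::Open(_) => true,
        BindPolicy::TokenRequired { token, .. } => {
            let presented = match (bearer, query) {
                (Some(b), _) => Some(b),
                (None, Some(q)) => query_token(q),
                (None, None) => None,
            };
            presented.map_or(false, |p| token_matches(token, p))
        }
    }
}

fn main() {
    // Constructed inputs: 192.0.2.10 is a documentation address, the token is a fixed stand-in.
    let host: IpAddr = "192.0.2.10".parse().unwrap();
    let policy = bind_policy(host, 7878, None, || "constructed-session-token".to_string());
    println!("{}", startup_message(&policy));
    println!("bearer ok:   {}", authorize(&policy, Some("constructed-session-token"), None));
    println!("query ok:    {}", authorize(&policy, None, Some("page=1&token=constructed-session-token")));
    println!("wrong token: {}", authorize(&policy, Some("constructed-session-tokeN"), None));
    println!("no token:    {}", authorize(&policy, None, Some("page=1")));
    let local = bind_policy("127.0.0.1".parse().unwrap(), 7878, None, || unreachable!("loopback never mints"));
    println!("{}", startup_message(&local));
}
```

The two decisions worth checking in review of any implementation of this policy are visible here: the token is minted only on the non-loopback path, so a loopback bind never prints a secret; and the per-request comparison is length-checked and constant-time, so a wrong token is rejected without leaking how close it was.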

@HongjieS HongjieS marked this pull request as ready for review June 12, 2026 15:44