feat: add Codex Local AI provider

[fedepalu2]

Description

Adds a Codex Local AI provider that lets OpenReel call a trusted loopback Codex bridge instead of hosted OpenAI/Anthropic APIs for text enhancement, and exposes the same provider choice for image editing/generation workflows.

Related Issue

No linked issue.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Code refactoring
• Test coverage improvement

Changes Made

• Added a typed Codex Local client with loopback endpoint validation and response parsing for text and image bridge contracts.
• Added Codex Local to the settings provider registry without showing it as an API-key service.
• Wired text enhancement to Codex Local when selected as the AI Assistant provider.
• Added a Codex Local image dialog that submits source image edits to a local bridge when selected as the AI Aggregator.
• Added an optional pnpm codex:bridge development bridge backed by codex exec for text enhancement.
• Added documentation covering the bridge contract and security notes.

Testing

Test Plan:

• All existing tests pass (pnpm test)
• TypeScript compiles without errors (pnpm typecheck)
• Added new tests for new functionality
• Manually tested in browser

Commands run locally:

• npx pnpm install --frozen-lockfile
• npx pnpm --filter @openreel/web typecheck
• npx pnpm --filter @openreel/web test:run -- src/services/codex-local.test.ts
• npx pnpm --filter @openreel/web lint (passes with existing repo warnings)
• npx pnpm --filter @openreel/web build (passes with existing Vite warnings)
• pnpm codex:bridge health check via GET http://127.0.0.1:14567/health
• Vite preview smoke test with Playwright screenshot at http://127.0.0.1:4173

Browsers Tested:

• Chrome
• Edge
• Other: Playwright Chromium

Screenshots/Videos

Preview smoke screenshot captured locally from the built app. Not attached because the first screen is unchanged by this provider integration.

Security Notes

• The browser client rejects non-loopback Codex Local bridge endpoints.
• The development bridge binds to 127.0.0.1 by default and rejects non-loopback host overrides.
• The bridge uses an Origin allowlist, a small request body limit, spawn() argument arrays instead of shell interpolation, and codex exec --sandbox read-only --ask-for-approval never.
• Codex Local requests are not routed through the Cloudflare proxy.
• Quick agent-security scan was run; repo-level workflow findings were pre-existing and not introduced by this PR.

Checklist

• My code follows the project's coding style (see CONTRIBUTING.md)
• I have performed a self-review of my own code
• I have commented complex/non-obvious code
• I have updated relevant documentation
• My changes generate no new warnings or errors
• I have removed all console.log statements and debug code
• New and existing tests pass locally
• I have checked my code builds successfully

Additional Context

This is intentionally scoped as a provider/bridge integration rather than a broader timeline-control agent. The included bridge implements text enhancement; image-capable local bridges can implement the documented /v1/images/edits contract and OpenReel will consume the result.