Litter overrides remote Codex permissions; add Inherit server config mode

[jelenv]

Issue

Litter currently sends explicit approval/sandbox values on thread start/resume/fork, so remote Codex ~/.codex/config.toml does not actually control session permissions by default.

Observed behavior:

• iOS defaults to never + workspace-write in apps/ios/Sources/Litter/Models/AppState.swift:32
• Android defaults to never + workspace-write in apps/android/app/src/main/java/com/litter/android/state/AppLaunchState.kt:29
• Those values are forwarded on thread start/resume/fork in apps/ios/Sources/Litter/Models/AppRpcParams.swift:10 and apps/android/app/src/main/java/com/litter/android/state/RpcParams.kt:37
• Upstream only inherits server config when these fields are omitted; otherwise they become per-thread overrides in shared/third_party/codex/codex-rs/app-server/src/codex_message_processor.rs:2197

Result: Litter local defaults win over remote server config, which is surprising for remote use.

Suggested change

By default inherit server config permissions of Codex. At the same time allow to switch to permission models provided by litter app per each thread to override the server config.

Nice to have UI changes:

• Show the effective permission level in thread UI (can be in conversation info page)
• Add permission change button in conversation info page (now it's only under /permissions cmd and thus quite hidden)

[dnakov]

yeah prob shouldn't be setting them at all. btw, there is /permissions command u can use to set for the thread

[jelenv]

yeah, I think best default is to inherit remote config.toml permissions. I did not know about the command, thanks, this helps

[jelenv]

Edited the issue to better align with what you now have via /permissions

[dnakov]

fixed (testflight and android beta)