fix: revert unsafe permission changes from PR #78

Security fixes to restore defense-in-depth after merging PR #78:

**client.py:**
- Revert permission mode from "bypassPermissions" to "acceptEdits"
- Remove redundant web_tools_auto_approve_hook from PreToolUse hooks
- Remove unused import of web_tools_auto_approve_hook

**security.py:**
- Remove web_tools_auto_approve_hook function (was redundant and
  returned {} for ALL tools, not just WebFetch/WebSearch)

**server/services/spec_chat_session.py:**
- Restore allowed_tools restriction: [Read, Write, Edit, Glob,
  WebFetch, WebSearch]
- Revert permission mode from "bypassPermissions" to "acceptEdits"
- Keeps setting_sources=["project", "user"] for global skills access

**ui/src/components/AgentAvatar.tsx:**
- Remove unused getMascotName export to fix React Fast Refresh warning
- File now only exports AgentAvatar component as expected

The bypassPermissions mode combined with unrestricted tool access in
spec_chat_session.py created a security gap where Bash commands could
execute without validation (sandbox disabled, no bash_security_hook).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

ui/src/components/AgentAvatar.tsx

@@ -595,9 +595,3 @@ export function AgentAvatar({ name, state, size = 'md', showName = false }: Agen
     </div>
   )
 }
-
-// Get mascot name by index (cycles through available mascots)
-export function getMascotName(index: number): AgentMascot {
-  const mascots = Object.keys(MASCOT_SVGS) as AgentMascot[]
-  return mascots[index % mascots.length]
-}