feat: implement tool approval checks for agent tool calls

Ports the tool approval feature from aron/tool-approval branch onto the
latest codebase. Adds manual user approval flow for tool calls before
execution, configurable via librechat.yaml toolApproval config.

Key changes:
- Add TToolApproval schema to data-provider config (required/excluded patterns)
- Add approval.ts utilities (requiresApproval, matchesPattern, getToolServerName)
- Add MCPToolCallValidationHandler for flow-based approval via FlowStateManager
- Wrap non-MCP tools with approval in ToolService.loadAgentTools
- Add MCP tool validation in MCP.js createToolInstance
- Handle native Anthropic web search approval in callbacks.js
- Disable native web_search when approval required (OpenAI initialize)
- Add validation SSE delta handling in useStepHandler
- Add approve/reject UI in ToolCall.tsx with confirm/reject API calls
- Add validation routes: POST /api/mcp/validation/confirm|reject/:id
- Add i18n keys for approval UI
- Add toolApproval example config in librechat.example.yaml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Aron Gates 2026-03-09 11:26:01 +00:00
parent 6ecd1b510f
commit 301ba801f4
No known key found for this signature in database
GPG key ID: 4F5BDD01E0CFE2A0
19 changed files with 720 additions and 5 deletions


@ -147,6 +147,7 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
const summarizationOptions =
appConfig?.summarization?.enabled === false ? { enabled: false } : { enabled: true };
const toolApprovalConfig = appConfig?.endpoints?.[EModelEndpoint.agents]?.toolApproval;
const eventHandlers = getDefaultHandlers({
res,
toolExecuteOptions,
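Review bot: The `toolApprovalConfig` lookup in this hunk resolves to `undefined` whenever `appConfig`, `endpoints`, the agents entry or `toolApproval` is missing, and nothing here says what that means for approval. Because this value decides whether a tool call waits for a user, make the default explicit at this point, either with a short comment stating that `undefined` means no approval is enforced or by normalizing to a default object, so that a mis-nested `toolApproval` key in librechat.yaml does not silently switch the check off. The hunk also does not show an import for `EModelEndpoint`; confirm it is already in scope in this file.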
@ -155,6 +156,7 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
toolEndCallback,
collectedUsage,
streamId,
toolApprovalConfig,
});
if (!endpointOption.agent) {
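Review bot: `toolApprovalConfig` is added to the `getDefaultHandlers` options object here with no visible change to that function's parameter documentation. Add the new option to the JSDoc or type for `getDefaultHandlers`, state that it can be `undefined`, and name which handlers read it, so a later refactor of the options object does not drop the approval path unnoticed.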