add refactored tui snapshot

[mickey-228]

变更内容
在仓库根目录下添加了一个独立的 tui/ 快照，其中包含了重构后的 TUI 代码库。

变更原因
此举旨在将 TUI 重构工作与现有的应用实现隔离开来，以便在不混入无关仓库更改的情况下，对前端结构、UI 与运行时的边界以及 API 契约进行评审。

核心亮点
将 TUI 代码重新组织为 ui/model、ui/components、ui/input 和 ui/theme 模块。

保留了 api、services 和 runtime 层，用于定义面向 UI 的契约和后端集成边界。

围绕 Result[...] 和提供者模式（provider-style）的服务访问，标准化了更多面向 UI 的服务契约。

快照中包含了更新后的“思考状态”（thinking-state）UX 行为。

验证方式
执行测试命令：go test -vet=off -overlay E:\TUI\tui\overlay.json ./internal/tui

备注
本 PR 特意将仓库更改范围限制在新的 tui/ 文件夹快照中，因此不会包含主检出目录中无关的本地工

[xgopilot]

Focused review findings below. I kept only issues that are actionable and materially affect correctness/security.

[xgopilot]

tui/ snapshot import paths are inconsistent with the snapshot layout and currently break package resolution (for example bytemind/internal/tui/runtime, bytemind/internal/tui/api, bytemind/internal/tui/services). In this PR layout, those packages live under tui/..., so this pattern prevents tui packages from compiling in-repo. Please align imports to the snapshot package paths (or document/enforce that these files are non-buildable artifacts).

[xgopilot]

Host validation uses substring matching (strings.Contains(..., "api.openai.com")). A crafted URL like https://api.openai.com.attacker.tld passes this check and then receives the bearer token in the request. Parse the URL and enforce https plus an exact allowlisted host before sending credentials.

[xgopilot]

Clipboard parsing can trigger automatic outbound fetches (WebClient.DownloadData) for arbitrary http(s) image URLs found in clipboard text/HTML. This creates an untrusted-input-to-network boundary and can be abused for unintended requests (including internal targets). Consider requiring explicit user confirmation and/or strict host/scheme policy before remote download.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!