security: lock down Discord runtime policy by default #85

Description

@devswha

Problem

The runtime bootstrap currently leaves Discord access broad by default.

Evidence:

  • ops/runtime-bootstrap.sh:25 defaults RUNTIME_ENFORCE_ALLOWLIST=false
  • ops/runtime-bootstrap.sh:135 sets guild.requireMention = false
  • ops/runtime-bootstrap.sh:140 sets channel.requireMention = false
  • ops/runtime-bootstrap.sh:150 sets channels.discord.allowBots true
  • ops/marketing-runtime-bootstrap.sh:306, 311, 321 repeat the same pattern for the marketing runtime
  • npm run runtime:status reports 3 critical Discord/runtime security findings, including an open groupPolicy with elevated/runtime/filesystem tools exposed

Impact

A Discord prompt-injection path can drive an agent that has runtime/filesystem access. In a multi-user or bot-heavy channel, this can become a high-impact incident.

Suggested fix

  • Default RUNTIME_ENFORCE_ALLOWLIST=true for production bootstrap
  • Set requireMention=true unless explicitly disabled
  • Set allowBots=false by default
  • Ensure bootstrap sets channels.discord.groupPolicy to allowlist
  • Document the unsafe/open mode as an explicit local-dev override only

Validation

  • npm run runtime:status should no longer report open Discord groupPolicy critical findings after bootstrap
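One way to implement the suggested fix and the validation step above, as an added example that is not the project's own ops/runtime-bootstrap.sh: a POSIX sh helper that emits the Discord policy with locked-down defaults and a check that fails the bootstrap while any critical finding remains. RUNTIME_ENFORCE_ALLOWLIST and the channels.discord.* keys are taken from this issue; RUNTIME_ENV, RUNTIME_UNSAFE_OPEN_MODE, DISCORD_REQUIRE_MENTION and DISCORD_ALLOW_BOTS are assumed names for this example.

```shell
#!/bin/sh
# Added example (not the project's ops/runtime-bootstrap.sh): a bootstrap
# helper that emits the Discord runtime policy with locked-down defaults.
# RUNTIME_ENFORCE_ALLOWLIST and the channels.discord.* keys come from the
# issue; RUNTIME_ENV, RUNTIME_UNSAFE_OPEN_MODE, DISCORD_REQUIRE_MENTION and
# DISCORD_ALLOW_BOTS are assumed names for this example.

# Print the effective policy as key=value lines, one per line.
# Open mode is an explicit opt-in and is refused for production.
discord_policy() {
  dp_env="${RUNTIME_ENV:-production}"
  dp_unsafe="${RUNTIME_UNSAFE_OPEN_MODE:-false}"

  if [ "$dp_unsafe" = "true" ] && [ "$dp_env" = "production" ]; then
    echo "discord_policy: RUNTIME_UNSAFE_OPEN_MODE=true is not allowed when RUNTIME_ENV=production" >&2
    return 1
  fi

  if [ "$dp_unsafe" = "true" ]; then
    # local-dev override: reproduces the old open defaults on purpose
    dp_enforce=false
    dp_mention=false
    dp_bots=true
    dp_group=open
  else
    # secure defaults; each can only be loosened by an explicit variable
    dp_enforce="${RUNTIME_ENFORCE_ALLOWLIST:-true}"
    dp_mention="${DISCORD_REQUIRE_MENTION:-true}"
    dp_bots="${DISCORD_ALLOW_BOTS:-false}"
    dp_group=allowlist
  fi

  printf '%s\n' \
    "runtime.enforceAllowlist=$dp_enforce" \
    "guild.requireMention=$dp_mention" \
    "channel.requireMention=$dp_mention" \
    "channels.discord.allowBots=$dp_bots" \
    "channels.discord.groupPolicy=$dp_group"
}

# Read policy lines on stdin and report each critical finding; returns 1 if
# any is found, so a bootstrap can fail fast instead of starting an open agent.
check_policy() {
  cp_findings=0
  while IFS= read -r cp_line; do
    case "$cp_line" in
      channels.discord.groupPolicy=open)
        echo "critical: groupPolicy is open" >&2 ;;
      channels.discord.allowBots=true)
        echo "critical: other bots may drive this agent" >&2 ;;
      *.requireMention=false)
        echo "critical: ${cp_line%%=*} lets any message trigger the agent" >&2 ;;
      runtime.enforceAllowlist=false)
        echo "critical: allowlist not enforced" >&2 ;;
      *) continue ;;
    esac
    cp_findings=$((cp_findings + 1))
  done
  [ "$cp_findings" -eq 0 ]
}
```

In a bootstrap you would run `discord_policy | check_policy || exit 1` before writing the config, so the default path produces zero critical findings and the open mode only appears when RUNTIME_UNSAFE_OPEN_MODE=true is set outside production, where check_policy still reports every loosened setting.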

Labels: bug