Add 'gradient eval' command for ad-hoc Nix evaluation returning JSON

[DerDennisOP]

Split out from #243 (the download #attr portion is being handled separately).

Summary

Add a gradient eval '#<attr>' command that evaluates a Nix expression on the server side and returns the result as JSON. Unlike gradient download, this would not require the attribute to produce a derivation — it should be able to return arbitrary Nix values (lists, attrsets, strings, etc.) serialized via builtins.toJSON.

Motivation

From @VanCoding in #243:

Let's say I have a flake like this:

{
  outputs = {
    kubernetes-resources = [
      {
        apiVersion = "apps/v1";
        kind = "Deployment";
        # ...
      }
    ];
  };
}

This doesn't produce any derivations. It just uses Nix to build a JSON structure. Being able to evaluate & get this value as JSON without having Nix installed could be really useful — for example, in an Argo CD use case.

Examples

• gradient eval '#kubernetes-resources' → emits the attrset/list as JSON to stdout
• gradient eval '#packages.x86_64-linux.my-app.version' → emits a single string value

Scope

• New server endpoint that performs ad-hoc evaluation against a configured project/flake input (or a passed-in flake ref)
• Evaluator hardening: resource limits, sandboxing, timeouts (we have eval-worker subprocesses already; this can reuse that path)
• New gradient eval CLI subcommand and connector wrapper
• Authorization model (project-scoped vs. arbitrary-flake)
• API docs in docs/gradient-api.yaml and docs/src

Notes

The #attr reference syntax should match what gradient download uses (see the companion PR for #243) so users get one consistent way to point at flake outputs.