Problem
Admin mode safety gap:
Admin mode definition: dispatchEnabled: true, mutationsAllowed: false. The orchestrator cannot use edit or write tools. But dispatched workers run as separate processes with their own tool sets. A worker dispatched from admin mode may have edit/write access depending on its runtime and safety configuration. This creates an indirect mutation path that admin mode's tool gating does not prevent.
Review mode config mutation:
Review mode includes pan_apply_config in its tool set (line 106 of modes.ts). A reviewer can change runtime configuration (safety level, mode, reasoning, models) via the config tool. This is inconsistent with review mode's read-only intent.
Audit Reference
AUDIT-ISSUES.md: F2, F3
Objective
Close the indirect mutation path and restrict config changes in review mode.
Deliverables
mutationsAllowed: false to dispatched workers
pan_apply_config from review mode's tool set (keep pan_read_config)
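A sketch of both deliverables, added here as an illustration and not taken from modes.ts or the project's code. The ModeDef shape, the "read" and "dispatch" tool names, the FULL mode and both function names are assumptions; only dispatchEnabled, mutationsAllowed, edit, write, pan_apply_config and pan_read_config come from the issue text.

```typescript
// Hypothetical mode shape; the real definition lives in modes.ts.
interface ModeDef {
  dispatchEnabled: boolean;
  mutationsAllowed: boolean;
  tools: string[];
}

// "edit" and "write" are the mutating tools named in the issue.
const MUTATING_TOOLS = ["edit", "write"];
// Tool that changes runtime configuration (safety level, mode, reasoning, models).
const CONFIG_WRITE_TOOLS = ["pan_apply_config"];

// Constructed sample modes for the demonstration.
const ADMIN: ModeDef = { dispatchEnabled: true, mutationsAllowed: false, tools: ["read", "dispatch"] };
const FULL: ModeDef = { dispatchEnabled: true, mutationsAllowed: true, tools: ["read", "edit", "write", "dispatch"] };
const REVIEW_BEFORE: ModeDef = { dispatchEnabled: false, mutationsAllowed: false, tools: ["read", "pan_read_config", "pan_apply_config"] };
const REVIEW_AFTER: ModeDef = { dispatchEnabled: false, mutationsAllowed: false, tools: ["read", "pan_read_config"] };

// Deliverable 1: the worker's tool set is what its runtime requests, narrowed
// by the dispatching mode, so a worker never holds more than its parent may do.
function workerTools(parent: ModeDef, requested: string[]): string[] {
  if (!parent.dispatchEnabled) {
    throw new Error("dispatch is disabled in this mode");
  }
  if (parent.mutationsAllowed) {
    return requested.slice();
  }
  return requested.filter((t) => MUTATING_TOOLS.indexOf(t) === -1);
}

// Deliverable 2: invariant for a read-only mode such as review. Returns the
// tools that contradict the read-only intent; an empty list means it holds.
function readOnlyViolations(mode: ModeDef): string[] {
  return mode.tools.filter(
    (t) => MUTATING_TOOLS.indexOf(t) !== -1 || CONFIG_WRITE_TOOLS.indexOf(t) !== -1
  );
}

// A worker dispatched from admin mode loses edit/write even if its runtime asks for them.
console.log(workerTools(ADMIN, ["read", "edit", "write"]));
// The same request from a mode that allows mutations is passed through.
console.log(workerTools(FULL, ["read", "edit", "write"]));
// Review mode as described in the issue fails the check; the fixed set passes.
console.log(readOnlyViolations(REVIEW_BEFORE), readOnlyViolations(REVIEW_AFTER));
```

Running readOnlyViolations over the review mode definition in a unit test keeps pan_apply_config from being reintroduced later.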