feat(sec-core): enhance daemon logging including requests and jobs

[RemindD]

Description

Trace / Invocation Context

• 删除 request-local invocation_id override。
• invocation_id 只保留进程级 CLI invocation id。
• trace context 仍保留 request-local override，用于 daemon request 和 background
  job。

CLI → Daemon Trace / Caller Propagation

• prompt-scanner CLI 调 daemon 时复用 canonical trace_context_to_payload()，避免
  手写 trace schema。

• CLI 调 daemon 时显式标记 caller="cli"。

• daemon request 协议支持可选 caller 字段，gateway 日志能把 caller 透传到
  request started/completed log。

Daemon Prompt Scan Attribution

• daemon scan-prompt handler 调 security middleware 时显式传 caller="daemon"。
• security middleware invoke() 支持显式 caller。
• 修复 daemon 执行 prompt scan 时 middleware diagnostic log 里 caller="unknown"
  的问题。

Daemon Background Jobs

• 新增 daemon-owned job trace context，每次 job run 自动生成标准 UUID trace id。

• 新增 OneShotBackgroundJob，把 one-shot job 的 task/state/error/status
  lifecycle 收到 base class。

• periodic job 每个 tick 自动获得独立 trace id。

• job lifecycle 统一写 daemon diagnostic events：

  • daemon_job_started
  • daemon_job_completed
  • daemon_job_failed
  • daemon_job_cancelled

• PromptModelPreloadJob 迁移到 base lifecycle，只保留 preload 业务逻辑和 prompt
  runtime state 更新。

Diagnostic Logging Semantics

• daemon background job logs、model load logs、job lifecycle logs 能共享同一个
  job trace id。

• daemon request logs、middleware logs、security events 能共享 request trace
  id。

• job trace 和 request trace 分离，不混用 CLI invocation id。

Related Issue

closes #

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional change)
• Performance improvement
• CI/CD or build changes

Scope

• cosh (copilot-shell)
• sec-core (agent-sec-core)
• skill (os-skills)
• sight (agentsight)
• tokenless (tokenless)
• ckpt (ws-ckpt)
• memory (agent-memory)
• anolisa (anolisa-cli)
• Multiple / Project-wide

Checklist

• I have read the Contributing Guide
• My code follows the project's code style
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly
• For cosh: Lint passes, type check passes, and tests pass
• For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
• For sec-core (Python): Ruff format and pytest pass
• For skill: Skill directory structure is valid and shell scripts pass syntax check
• For sight: cargo clippy -- -D warnings and cargo fmt --check pass
• For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
• For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
• For anolisa: cargo clippy --all-targets --locked -- -D warnings, cargo fmt --all --check, and cargo test --locked pass
• Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Additional Notes