[codex] Disable AGFS management API by default

[13ernkastel]

Summary

• disable the AGFS runtime management API by default behind a new server.management_api_enabled flag
• gate mount, unmount, and external plugin management endpoints unless that flag is explicitly enabled
• document the safer default in config samples and AGFS docs
• add handler tests that cover disabled-by-default and explicitly-enabled behavior

Why

The bundled AGFS server exposes a control-plane surface for runtime mount changes and external plugin loading. In a network-exposed deployment, leaving that surface available by default increases risk because it allows live filesystem and plugin reconfiguration over HTTP. This change keeps the capability available for trusted admin networks while making the secure default explicit.

Impact

• safer default for AGFS deployments embedded in or shipped with OpenViking
• existing operators who rely on runtime management can restore the prior behavior by setting server.management_api_enabled: true

Validation

• added request-level tests for the management API gate in pkg/handlers/plugin_handlers_test.go
• git diff --check passes locally
• local go test and gofmt were not run in this environment because the Go toolchain is not installed

[github-actions]

PR Code Suggestions ✨

No code suggestions found for the PR.