Add provider auto-update flow

[Marve10s]

Summary

• Add provider version advisories and a server RPC for safe provider updates.
• Detect install source before choosing update commands, with support for npm, bun, pnpm, Homebrew, and provider-native updaters.
• Add provider update prompts, compact Providers settings review UI, bulk update action, and clearer failure reporting.

Validation

• cd apps/server && bun run test src/provider/providerMaintenance.test.ts src/provider/Layers/ProviderHealth.test.ts
• cd apps/web && bun run test src/wsNativeApi.test.ts
• cd packages/contracts && bun run test
• git diff --check

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2cfe4229a8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Probe the same binary used for update advisories

When a user configures a provider CLI override, the update capability is resolved from that configured path here, but the status.version that enrichProviderStatusWithVersionAdvisory compares still comes from the hard-coded health probes (runCodexCommand, runClaudeCommand, etc. spawn literal codex, claude, gemini, ...). In that configuration the UI can compare the PATH installation's version against the configured binary's update source/command, causing false outdated warnings or an unchanged result after updating the configured binary. The version probe and update capability resolution should use the same executable.

Useful? React with 👍 / 👎.