feat(policy): map --yolo to allowedTools wildcard policy

This PR maps the `--yolo` flag natively into a wildcard policy array
(`allowedTools: ["*"]`) and removes the concept of `ApprovalMode.YOLO` as a
distinct state in the application, fulfilling issue #11303.

This removes the hardcoded `ApprovalMode.YOLO` state and its associated
UI/bypasses. The `PolicyEngine` now evaluates YOLO purely via data-driven rules.

- Removes `ApprovalMode.YOLO`
- Removes UI toggle (`Ctrl+Y`) and indicators for YOLO
- Removes `yolo.toml`
- Updates A2A server and CLI config logic to translate YOLO into a wildcard tool
- Rewrites policy engine tests to evaluate the wildcard
- Enforces enterprise `disableYoloMode` and `secureModeEnabled` controls
  by actively preventing manual `--allowed-tools=*` bypasses.

Fixes #11303

packages/cli/src/utils/installationInfo.test.ts

@@ -58,19 +58,6 @@ describe('getInstallationInfo', () => {
     process.argv = originalArgv;
   });
 
-  it('should detect running as a standalone binary', () => {
-    vi.stubEnv('IS_BINARY', 'true');
-    process.argv[1] = '/path/to/binary';
-    const info = getInstallationInfo(projectRoot, true);
-    expect(info.packageManager).toBe(PackageManager.BINARY);
-    expect(info.isGlobal).toBe(true);
-    expect(info.updateMessage).toBe(
-      'Running as a standalone binary. Please update by downloading the latest version from GitHub.',
-    );
-    expect(info.updateCommand).toBeUndefined();
-    vi.unstubAllEnvs();
-  });
-
   it('should return UNKNOWN when cliPath is not available', () => {
     process.argv[1] = '';
     const info = getInstallationInfo(projectRoot, true);