[exec-server] Add prepared upload lifecycle

[soheil-oai]

Context

This is PR 3 of the five-PR prerequisite stack for CCA-50 and the CCA file-transfer RFC. It is stacked on #29443.

The stack keeps file bytes in the selected executor instead of relaying them through CCA. This layer implements the prepared-source lifecycle behind a disabled capability; it does not perform network upload yet.

What changed

• Snapshot an authorized file once into executor-owned, zeroizing memory.
• Bind opaque operation IDs to a logical executor-session generation without exposing resume bearer IDs.
• Enforce 8 MiB per file, 32 MiB prepared bytes per session, and 32 operations.
• Add status, cancel, expiry, terminal retention, pressure pruning, and a single deadline sweeper.
• Preserve stable bytes across source replacement and transport reconnect.
• Return a typed session-lost error for operation IDs from an expired executor session.
• Keep the capability default-disabled.

The next PR adds protected executor-side HTTPS PUT execution.

Test plan

• just test -p codex-exec-server file_transfer_handler (5 passed on the exact stacked commit)
• Prepared-byte stability, byte/operation quotas, cancellation, expiry without follow-up RPC, session isolation, and terminal pruning are covered.

Reviewed by independent architecture, security, and Rust/conventions reviewers; no P0/P1/P2 findings remain.

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}