feat(tracker): spawn sessions from eligible issues

[anirudh5harma]

Summary

Registered projects can now opt into issue-driven intake: the daemon polls explicitly eligible open issues and starts one worker session per issue, preserving the canonical issue identifier so restarts cannot create duplicates. Existing projects remain unaffected until intake is enabled with a label or assignee rule, and tracker or spawn failures back off without blocking the daemon.

Closes #2282.

This ports aoagents/ReverbCode#424 onto the current canonical architecture. The port intentionally excludes the old PR's unrelated frontend build workaround and regenerates both API artifacts from current source.

Design Notes

• Intake remains read-only toward the tracker.
• Configuration flows through project config, the HTTP contract, generated frontend types, and ao project set-config --config-json.
• Duplicate prevention uses durable sessions.issue_id, including compatibility with native issue IDs created before canonical provider prefixes.
• Token lookup is lazy, cached, bounded by a five-second command timeout, and uses the cross-platform process wrapper.
• Disabled projects do not incur session-table scans.
• Worker prompts include issue metadata and truncate safely at the existing 4096-byte session limit.

Validation

• npm run api
• cd backend && go build ./...
• cd backend && go vet ./...
• Race tests for domain, tracker intake, and API-spec packages
• Focused CLI tracker-config request test
• npm run frontend:typecheck
• Full frontend suite: 40 files, 370 tests
• git diff --check

Full npm run lint and storage-backed backend tests are currently blocked on canonical main by duplicate migration version 20 in 0020_review_run_unique_pr_sha.sql and 0020_pr_reviews.sql. This branch does not modify migrations; all packages reached before that pre-existing panic, including tracker intake, pass.

Post-Deploy Monitoring & Validation

For the first enabled project, watch daemon logs for tracker intake messages and confirm one eligible issue creates one worker session carrying github:owner/repo#number. Healthy signals are no repeated spawn for that issue after another poll or daemon restart, and no polling for disabled projects. Repeated spawn attempts, broad intake without an explicit rule, or daemon startup degradation are rollback triggers; disabling trackerIntake.enabled is the immediate mitigation.