Add API authentication for inter-service communication #17

@geoffjay

Context

All agentd services (notify, ask, wrap, orchestrator) expose HTTP APIs on localhost with no authentication or authorization. While the services currently bind to 127.0.0.1 which limits exposure, there is no mechanism to:

  1. Verify that requests come from legitimate agentd components
  2. Prevent unauthorized local processes from creating/modifying notifications or spawning agents
  3. Support future networked deployments where services may not be co-located

Proposed Solution

Implement a shared-secret token-based authentication scheme:

  1. Token generation: xtask generates a random token during install and stores it in a shared config location (e.g., ~/.config/agentd/auth_token)
  2. Middleware: Each service adds an Axum middleware layer that validates Authorization: Bearer <token> headers
  3. Clients: NotifyClient, AskClient, WrapClient are updated to include the token in requests
  4. Health endpoints: GET /health remains unauthenticated for monitoring

This is a stepping stone — more sophisticated auth (mTLS, JWT) can follow for networked deployments.

Acceptance Criteria

  • Shared token generated and stored during installation
  • Axum middleware validates bearer token on all endpoints except /health
  • All HTTP clients (NotifyClient, AskClient, WrapClient) send auth header
  • CLI reads token from config and includes in requests
  • Unauthenticated requests receive 401 Unauthorized
  • Existing tests updated to include auth token
  • Documentation updated with auth configuration

Relevant Files

  • crates/notify/src/api.rs, crates/ask/src/api.rs, crates/wrap/src/api.rs, crates/orchestrator/src/api.rs — add middleware
  • crates/notify/src/client.rs, crates/ask/src/client.rs, crates/wrap/src/client.rs — update clients
  • crates/cli/src/main.rs — token loading
  • crates/xtask/src/main.rs — token generation during install

Dependencies

No blocking dependencies. Can be worked on independently.

Related: #57 (graceful degradation), #7 (integration tests)
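
The validation rule from the proposal (bearer token on every endpoint except GET /health), as an added example that is not part of the original issue and not agentd code. It is std-only Rust so it runs without Axum; a middleware layer would call it and map the result to a status. `authorize`, `Decision`, `ct_eq`, the `/notifications` path and the sample token are assumptions made for illustration.

```rust
#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,        // forward the request to the handler
    Unauthorized, // respond with 401 Unauthorized
}

/// Compare byte strings without an early exit on the first mismatch, so
/// response timing does not reveal how many leading bytes matched.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // length of a fixed-size random token is not secret
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// `auth_header` is the raw Authorization header value, if one was sent.
pub fn authorize(method: &str, path: &str, auth_header: Option<&str>, expected: &str) -> Decision {
    // Only the exact health probe is exempt; a prefix match would also
    // exempt paths such as /healthcheck.
    if method == "GET" && path == "/health" {
        return Decision::Allow;
    }
    // Fail closed if the service was started with an empty token.
    if expected.is_empty() {
        return Decision::Unauthorized;
    }
    // Expect "<scheme> <credentials>"; the scheme name is case-insensitive.
    let (scheme, presented) = match auth_header.and_then(|v| v.split_once(' ')) {
        Some(parts) => parts,
        None => return Decision::Unauthorized,
    };
    if scheme.eq_ignore_ascii_case("Bearer")
        && ct_eq(presented.trim().as_bytes(), expected.as_bytes())
    {
        Decision::Allow
    } else {
        Decision::Unauthorized
    }
}

fn main() {
    let token = "constructed-sample-token"; // constructed value, not a real secret
    let good = "Bearer constructed-sample-token";
    // "/notifications" is a hypothetical route used only for this demo.
    println!("{:?}", authorize("GET", "/health", None, token));
    println!("{:?}", authorize("POST", "/notifications", None, token));
    println!("{:?}", authorize("POST", "/notifications", Some(good), token));
}
```
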

Labels: enhancement