feat(wfe-yaml): add deno_core JS/TS executor with sandboxed permissions

Secure JavaScript/TypeScript execution in workflow steps via deno_core,
behind the `deno` feature flag.

Security features:
- Per-step permission system: net host allowlist, filesystem read/write
  path restrictions, env var allowlist, subprocess spawn control
- V8 heap limits (64MB default) prevent memory exhaustion
- Execution timeout with V8 isolate termination for sync infinite loops
- Path traversal detection blocks ../ escape attempts
- Dynamic import rejection unless explicitly enabled

Workflow I/O ops:
- inputs() — read workflow data as JSON
- output(key, value) — set step outputs
- log(message) — structured tracing

Architecture:
- JsRuntime runs on dedicated thread (V8 is !Send)
- PermissionChecker enforced on every I/O op via OpState
- DenoStep implements StepBody, integrates with existing compiler
- Step type dispatch: "shell" or "deno" in YAML

34 new tests (12 permission unit, 3 config, 2 runtime, 18 integration).

wfe-yaml/src/schema.rs

@@ -54,6 +54,27 @@ pub struct StepConfig {
     pub env: HashMap<String, String>,
     pub timeout: Option<String>,
     pub working_dir: Option<String>,
+    #[serde(default)]
+    pub permissions: Option<DenoPermissionsYaml>,
+    #[serde(default)]
+    pub modules: Vec<String>,
+}
+
+/// YAML-level permission configuration for Deno steps.
+#[derive(Debug, Deserialize, Clone, Default)]
+pub struct DenoPermissionsYaml {
+    #[serde(default)]
+    pub net: Vec<String>,
+    #[serde(default)]
+    pub read: Vec<String>,
+    #[serde(default)]
+    pub write: Vec<String>,
+    #[serde(default)]
+    pub env: Vec<String>,
+    #[serde(default)]
+    pub run: bool,
+    #[serde(default)]
+    pub dynamic_import: bool,
 }
 
 #[derive(Debug, Deserialize)]