Fix: [Feature]:add controlled local system capabilities for desktop automation

[shahyashish]

To implement controlled local system capabilities, I updated the AgentCapabilityManifest interface and registration logic in agent-capability-registry.ts.

1. Added local_capabilities to the manifest interface and its projection logic to explicitly track these new tools.
2. Defined three new built-in tools: open_app, open_file, and run_local_command. These are assigned the local_capability kind.
3. Updated executionSemanticsForDescriptor to ensure all local_capability tools require explicit user confirmation.
4. Configured the authorityBoundaryForDescriptor for local_capability to grant filesystem and shell access, reflecting their role in desktop automation.
5. Updated buildToolDescriptor to set the trust level to local for these capabilities.
6. Included a summary of local capabilities in the policy prompt section generated for agents.

Test: Initialize a BuildAgentCapabilityManifestParams with open_app, open_file, and run_local_command in defaultTools. Call buildAgentCapabilityManifest. Verify that the returned manifest's local_capabilities array contains all three tools, each with requires_user_confirmation: true in their execution semantics and trust_level: 'local'. Ensure the renderCapabilityPolicyPromptSection output contains the line 'Local capabilities: available (3 enabled).'