revert(egress-proxy): drop Role + agent provisioner (keep git-push block)

Partial revert of fa06a3a. The role + agent-side provisioner felt
overengineered: anthropic-base-url + npm-registry's only realistic
host values match the tool defaults, so the role tags drove no-op
dotfile writes most of the time. If non-default npm registry / tea
config is needed in a future bottle, we can ship it through a more
direct mechanism then.

What stays from fa06a3a:
  - Universal HTTPS git-push block in the egress-proxy addon
    (`is_git_push_request` in egress_proxy_addon_core, called from
    the request hook before route matching; 403s git-receive-pack
    regardless of route). This is the security backstop so git-gate
    remains the only outbound write path; PR #29 keeps it.

What gets reverted:
  - `Role` field on EgressProxyRoute (manifest + runtime).
  - `EGRESS_PROXY_ROLES` + `EGRESS_PROXY_SINGLETON_ROLES` constants
    and singleton-role validation.
  - `backend/docker/provision/egress_proxy.py` (npmrc + tea config).
  - `provision_egress_proxy` slot in `BottleBackend.provision`.
  - `prepare.py`'s role-based ANTHROPIC_BASE_URL detection (back to
    the token_ref="CLAUDE_CODE_OAUTH_TOKEN" auto-detect).
  - Manifest + provisioner tests for the above.

355 unit + 24 integration tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

tests/unit/test_manifest_md_load.py

@@ -25,7 +25,6 @@ _BOTTLE_DEV = """
     egress_proxy:
       routes:
         - host: api.anthropic.com
-          role: anthropic-base-url
           auth:
             scheme: Bearer
             token_ref: CLAUDE_CODE_OAUTH_TOKEN
@@ -93,7 +92,6 @@ class TestBottleFileParses(_ResolveCase):
         self.assertEqual("api.anthropic.com", routes[0].Host)
         self.assertEqual("Bearer", routes[0].AuthScheme)
         self.assertEqual("CLAUDE_CODE_OAUTH_TOKEN", routes[0].TokenRef)
-        self.assertEqual(("anthropic-base-url",), routes[0].Role)
         self.assertEqual(["example.com"], list(m.bottles["dev"].egress.allowlist))