feat(egress): replace log bool with integer log levels (0/1/2)

Level 0 (off, default): no stderr output beyond boot line.
Level 1 (blocks): each block/warn emitted as JSON with reason and
request context (host, method, path, response_status for inbound).
Level 2 (full): level-1 events + egress_request and egress_response
JSON lines for every forwarded connection.

Block logging at level 1+ replaces the previous plain-text stderr write.
DLP warn logging is also gated on level 1+. All block call sites now pass
_req_ctx(flow) so the blocked request is visible in the log entry.
Boot message shows log level label (off/blocks/full).

Adds PRD 0053 documenting wire format, manifest format, and all log event
shapes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

bot_bottle/manifest_egress.py

@@ -346,10 +346,13 @@ def _parse_dlp_block(
     return outbound, inbound
 
 
+LOG_LEVELS = frozenset({0, 1, 2})
+
+
 @dataclass(frozen=True)
 class EgressConfig:
     routes: tuple[EgressRoute, ...] = ()
-    Log: bool = False
+    Log: int = 0
 
     @classmethod
     def from_dict(cls, bottle_name: str, raw: object) -> "EgressConfig":
@@ -368,10 +371,11 @@ class EgressConfig:
                 for i, entry in enumerate(routes_list)
             )
             validate_egress_routes(bottle_name, routes)
-        log_raw = d.get("log", False)
-        if not isinstance(log_raw, bool):
+        log_raw = d.get("log", 0)
+        if isinstance(log_raw, bool) or not isinstance(log_raw, int) \
+                or log_raw not in LOG_LEVELS:
             raise ManifestError(
-                f"bottle '{bottle_name}' egress.log must be true or false"
+                f"bottle '{bottle_name}' egress.log must be 0, 1, or 2"
             )
         for k in d:
             if k not in ("routes", "log"):