This commit completes the "Strictly Local" journey by adding several key features:
- Permanent `security.strictLocal` configuration key.
- Hardened Docker sandbox isolation (enforces `network: "none"`).
- Local compliance checks in `moltbot security audit`.
- Ollama health and model checks in `moltbot doctor`.
- Local CLI-based TTS support (offline speech).
- Skill vetting to prevent external URL leakage in strict mode.
- Documentation and unit tests for all new functionality.
Co-authored-by: samibs <1743891+samibs@users.noreply.github.com>