
fix(proxy): block browser CORS access to local proxy #1915

Open
zerone0x wants to merge 1 commit into farion1231:main from zerone0x:fix/proxy-disable-cors-1841


zerone0x commented Apr 6, 2026

Summary

Remove the permissive CORS layer from the local proxy HTTP server so browsers cannot issue cross-origin requests to 127.0.0.1:15721. This keeps CLI clients working while preventing web pages from abusing the proxy to exfiltrate API usage.

Related Issue

Fixes #1841

Screenshots

Before | After
N/A | N/A

Checklist

  • pnpm typecheck passes
  • pnpm format:check passes
  • cargo clippy passes (if Rust code changed)
  • Updated i18n files if user-facing text changed

Notes:

  • Rust-only change; tests not run locally.
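
An added example, not code from this PR or the project: a Rust check that classifies a captured response from the local proxy by its `Access-Control-Allow-Origin` header, the header a browser requires before a page may read a cross-origin response. The sample responses and the probe origin `https://probe.invalid` are constructed.

```rust
// Added example, not code from this PR. All sample responses are constructed.
#[derive(Debug, PartialEq)]
pub enum CorsVerdict {
    Blocked,    // no usable Access-Control-Allow-Origin: a page cannot read the response
    Permissive, // "*" or the probe origin echoed back: any web page can read it
    Restricted, // a fixed origin other than the probe's is allowed
}

// Constructed origin that no legitimate allow-list would contain.
pub const PROBE: &str = "https://probe.invalid";
pub const WILDCARD: &str = "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n\r\n{}";
pub const REFLECTED: &str =
    "HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://probe.invalid\r\nVary: Origin\r\n\r\n{}";
pub const NO_CORS: &str = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}";
// Header text inside the body must not be mistaken for a response header.
pub const BODY_ONLY: &str = "HTTP/1.1 200 OK\r\n\r\nAccess-Control-Allow-Origin: *";

/// Value of header `name` (case-insensitive) in a raw HTTP response head.
fn header<'a>(raw: &'a str, name: &str) -> Option<&'a str> {
    raw.lines()
        .skip(1) // status line
        .take_while(|l| !l.trim().is_empty()) // stop at the blank line before the body
        .filter_map(|l| l.split_once(':'))
        .find(|(k, _)| k.trim().eq_ignore_ascii_case(name))
        .map(|(_, v)| v.trim())
}

/// Classify a response to a request that carried `Origin: <probe_origin>`.
pub fn classify(raw_response: &str, probe_origin: &str) -> CorsVerdict {
    match header(raw_response, "access-control-allow-origin") {
        None | Some("") => CorsVerdict::Blocked,
        Some("*") => CorsVerdict::Permissive,
        Some(v) if v.eq_ignore_ascii_case(probe_origin) => CorsVerdict::Permissive,
        Some(_) => CorsVerdict::Restricted,
    }
}

fn main() {
    let cases = [("wildcard", WILDCARD), ("reflected", REFLECTED),
                 ("no CORS layer", NO_CORS), ("header in body", BODY_ONLY)];
    for (label, raw) in cases {
        println!("{}: {:?}", label, classify(raw, PROBE));
    }
}
```

`Blocked` describes what the browser enforces for the page; CLI clients never evaluate these headers, which is why they keep working after the CORS layer is removed.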

@farion1231
Owner

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Breezy!



Development

Successfully merging this pull request may close these issues.

[Security] CORS Misconfiguration in Local Proxy Enables 1-Click API Key Abuse
