fix(server): default bind to loopback and restore bind-address option

[drew]

Motivation

• The server previously defaulted to binding 0.0.0.0:8080, exposing an unauthenticated gRPC control plane on all interfaces by default.
• A minimal, safety-first change is required so that a default run is local-only while still allowing operators to opt into a different bind address when needed.

Description

• Changed the core default bind address in crates/openshell-core/src/config.rs from 0.0.0.0:8080 to 127.0.0.1:8080 so the default server process listens on loopback only.
• Updated the server CLI in crates/openshell-server/src/main.rs to accept a full socket address via --bind / OPENSHELL_SERVER_BIND (default 127.0.0.1:8080) and to use args.bind for the configured bind address.
• Preserved explicit override behavior so operators can still bind to 0.0.0.0 (or any other address) by passing --bind 0.0.0.0:8080 when intentional.

Testing

• Ran cargo fmt --all -- --check which completed successfully.
• Started cargo test -p openshell-server, which began compilation of dependencies in this environment but did not complete within the session budget due to a long-running dependency build.
• Attempted mise run pre-commit but the environment blocked full execution due to remote tool resolution/network constraints; this check was therefore not completed here.

---

Codex Task

[github-actions]

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:

---

I have read the DCO document and I hereby sign the DCO.

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.}

[johntmyers]

Closing in favor of consolidated re-implementation. See #350 for tracking.