fix: harden gateway SMS opt-out and Gemini doctor probe

[ericmurrayy]

Summary

• Add SMS_GATEWAY_ENABLED=false opt-out so Twilio credentials can exist without auto-starting the direct SMS gateway adapter.
• Fix Hermes doctor Gemini API-key validation to use x-goog-api-key for native Google AI Studio /models probes instead of OpenAI-style Bearer auth.
• Add regression coverage for the Gemini header behavior and make the gateway API-server config regression hermetic against inherited env vars.

Test Plan

• python -m pytest tests/hermes_cli/test_doctor.py tests/gateway/test_config.py tests/gateway/test_status.py -q -o 'addopts='

Result: 123 passed, 2 warnings.

[wherewolf87]

Confirmed this still reproduces on a local Hermes install after credential repair.

Environment checked:

• Hermes Agent v0.13.0 (2026.5.7)
• Local describe: v2026.5.7-560-g03c98edd0-dirty
• hermes doctor reports: gemini (invalid API key) and final summary says Check GOOGLE_API_KEY in .env
• Same key is present as both GOOGLE_API_KEY and GEMINI_API_KEY

Independent verification:

• Direct Google Generative Language models probe with the same key succeeds with HTTP 200 when using Gemini API-key auth.
• Official Gemini API reference says requests must include x-goog-api-key; the API-key guide also says either GEMINI_API_KEY or GOOGLE_API_KEY is valid for Gemini clients.

Official docs used:

• https://ai.google.dev/api
• https://ai.google.dev/gemini-api/docs/api-key

So this matches the PR diagnosis: the key is valid, but the doctor generic API-key health check is treating Gemini like a Bearer-token OpenAI-compatible provider.