fix: preserve auto review across config and delegation

[viyatb-oai]

Why

Auto Review should remain the effective approval reviewer when settings cross runtime boundaries. A config or app-server round trip must not change the reviewer identity, and delegated work must not silently fall back to user review.

This requires both a stable canonical serialized value and propagation of the effective setting. auto_review is the canonical value across protocol and app-server output, while guardian_subagent remains accepted as backward-compatible input.

What changed

• serialize ApprovalsReviewer::AutoReview consistently as auto_review across core protocol and app-server v2
• continue accepting guardian_subagent when reading existing config or client requests
• carry the active turn's approval reviewer into spawned agents
• update config/debug expectations and add delegated-task regression coverage

Scope

This does not change Guardian policy or remove compatibility with existing guardian_subagent inputs. It preserves the selected reviewer across serialization, config reloads, app-server settings, and delegated task setup.

Related Guardian changes are split independently:

• feat: distinguish Guardian denials and soft denials #26231 adds denials and soft denials
• fix: retry transient Guardian reviewer failures #26334 retries transient reviewer failures
• feat: reuse low-risk Guardian approvals #26333 reuses narrowly scoped low-risk approvals
• feat: add Guardian denial recovery TUI #26232 adds TUI denial recovery

Validation

• just test -p codex-app-server-protocol (224 passed)
• regression coverage for delegated task reviewer propagation
• serialization coverage for canonical auto_review output and legacy guardian_subagent input

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d6528ccc95

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[saud-oai]

I have read the CLA Document and I hereby sign the CLA