fix(security): Gemini API key header + Mutex safety + Agent validation

M1-01: Move Gemini API key from URL query param to x-goog-api-key header,
     preventing key leakage in logs/proxy/telemetry (matches Anthropic/OpenAI pattern)

M1-03/M1-04: Replace Mutex .unwrap() with .unwrap_or_else(|e| e.into_inner())
     in MemoryMiddleware and LoopGuardMiddleware — recovers from poison
     instead of panicking async runtime

M2-08: Add input validation to agent_create — reject empty names,
     out-of-range temperature (0-2), and zero max_tokens

M11-06: Replace Date.now() message ID with crypto.randomUUID()
     to prevent collisions in classroom chat

crates/zclaw-runtime/src/middleware/loop_guard.rs

@@ -37,7 +37,7 @@ impl AgentMiddleware for LoopGuardMiddleware {
         tool_name: &str,
         tool_input: &Value,
     ) -> Result<ToolCallDecision> {
-        let result = self.guard.lock().unwrap().check(tool_name, tool_input);
+        let result = self.guard.lock().unwrap_or_else(|e| e.into_inner()).check(tool_name, tool_input);
         match result {
             LoopGuardResult::CircuitBreaker => {
                 tracing::warn!("[LoopGuardMiddleware] Circuit breaker triggered by tool '{}'", tool_name);

crates/zclaw-runtime/src/middleware/memory.rs

@@ -43,7 +43,7 @@ impl MemoryMiddleware {
     /// Check if enough time has passed since the last extraction for this agent.
     fn should_extract(&self, agent_id: &str) -> bool {
         let now = std::time::Instant::now();
-        let mut map = self.last_extraction.lock().unwrap();
+        let mut map = self.last_extraction.lock().unwrap_or_else(|e| e.into_inner());
         if let Some(last) = map.get(agent_id) {
             if now.duration_since(*last).as_secs() < self.debounce_secs {
                 return false;