fix(audit): 修复深度审计 P2 问题 — 自主授权后端守卫、反思历史累积、心跳持久化

- M5-补: hand_execute/skill_execute 接收 autonomy_level 参数，后端三层守卫
  (supervised 全部审批 / assisted 尊重 needs_approval / autonomous 跳过)
- M3: hand_approve/hand_cancel 移除 _hand_name 下划线，添加审计日志
- M4-补: 反思历史累积存储到 reflection:history:{agent_id} 数组(最多20条)
  get_history 优先读持久化历史，保留 latest key 向后兼容
- 心跳历史: VikingStorage 持久化 HeartbeatResult 数组，tick() 也存历史
  heartbeat_init 恢复历史，重启后不丢失
- L2: 确认 gatewayStore 仅注释引用，无需修改
- 身份回滚: 确认 IdentityChangeProposal.tsx 已实现 HistoryItem + restoreSnapshot
- 更新 DEEP_AUDIT_REPORT.md 完成度 72% (核心 92%, 真实可用 80%)

desktop/src/lib/gateway-client.ts

@@ -1189,7 +1189,7 @@ export interface GatewayClient {
   toggleScheduledTask(id: string, enabled: boolean): Promise<{ id: string; enabled: boolean }>;
   listHands(): Promise<{ hands: { id?: string; name: string; description?: string; status?: string; requirements_met?: boolean; category?: string; icon?: string; tool_count?: number; tools?: string[]; metric_count?: number; metrics?: string[] }[] }>;
   getHand(name: string): Promise<any>;
-  triggerHand(name: string, params?: Record<string, unknown>): Promise<{ runId: string; status: string }>;
+  triggerHand(name: string, params?: Record<string, unknown>, autonomyLevel?: string): Promise<{ runId: string; status: string }>;
   getHandStatus(name: string, runId: string): Promise<{ status: string; result?: unknown }>;
   approveHand(name: string, runId: string, approved: boolean, reason?: string): Promise<{ status: string }>;
   cancelHand(name: string, runId: string): Promise<{ status: string }>;