Feature: Make IPC input caps user-configurable in Settings

[faesel]

Summary

The security hardening in v0.28.1–v0.28.2 introduced fixed caps on freeform IPC inputs to prevent unbounded disk writes. These caps are currently hardcoded in electron/main.ts:

Input	Current cap	Location
Session summary (sessions:rename)	1,000 characters	~L663
Session notes (sessions:set-notes)	100,000 characters	~L759
Skill file content (skills:save-file)	512 KB	~L1210
HTTP response accumulation	1 MB (MAX_TRANSFER_SIZE)	~L913, ~L1090

Proposal

Move the user-facing caps (summary, notes, skill content) into the Settings page so users can adjust them to suit their workflow. The HTTP response cap should remain hardcoded as it's a security boundary, not a user preference.

Acceptance criteria

• New "Limits" section in Settings page with sliders or number inputs for:
  • Summary max length (default: 1,000 chars, range: 100–5,000)
  • Notes max length (default: 100,000 chars, range: 10,000–500,000)
  • Skill file max size (default: 512 KB, range: 64 KB–2 MB)
• Settings persisted via localStorage (same as existing gridwatch-settings)
• Values passed to main process via a new IPC channel or read from a shared config
• Main process IPC handlers use the configured values instead of hardcoded constants
• Default values match the current hardcoded caps (no behaviour change on upgrade)

Notes

• Originated from security audit issue Security Audit — Static Analysis Report (17 findings, 3 High) #17
• HTTP response cap (MAX_TRANSFER_SIZE) should remain hardcoded — it's a security boundary
• Consider showing current usage alongside the cap (e.g. "Notes: 2,341 / 100,000 chars")