fix(telegram): enforce allowlist policy on /start, /help, /status commands #978

Open
snemesh wants to merge 1 commit into anthropics:main from snemesh:fix/telegram-commands-respect-allowlist

snemesh commented Mar 25, 2026

Problem

The /start, /help, and /status bot commands bypass the gate() access check. When dmPolicy is "allowlist", non-allowlisted users can:

  1. /start — get a response confirming the bot is active and see pairing instructions
  2. /help — get help text (no policy check at all)
  3. /status — enumerate pending pairing codes for other users, and confirm the bot exists

Per ACCESS.md, allowlist mode should "Drop silently. No reply."

Security impact

  • Information disclosure: non-allowlisted users can confirm the bot is active
  • Pairing code leak: /status shows pending codes to any DM sender, even when they shouldn't have access

Fix

| Command | Before | After |
|---|---|---|
| /start | Responds to everyone (only checks disabled) | Responds to allowlisted users always; unknown users only in pairing mode (expected flow for new users to learn how to pair) |
| /help | Responds to everyone | Silently drops non-allowlisted users |
| /status | Shows pairing state to everyone | Silently drops non-allowlisted users; only confirms paired status to allowlisted users |

No behavior change when dmPolicy is "pairing" — unknown users can still /start to learn how pairing works (same as before).

Changes

  • external_plugins/telegram/server.ts — 16 insertions, 19 deletions

Test plan

  • bun build passes
  • 22/22 unit tests pass — all 3 commands × 3 policies × 2 user types + 4 security assertions
Test output (22/22 passed)
── allowlist mode (dmPolicy: allowlist) ──
  ✅ /start  from ALLOWED user                     → "pairing instructions"
  ✅ /help   from ALLOWED user                     → "help text"
  ✅ /status from ALLOWED user                     → "Paired as 203061594"
  ✅ /start  from STRANGER                         → SILENT DROP
  ✅ /help   from STRANGER                         → SILENT DROP
  ✅ /status from STRANGER                         → SILENT DROP

── pairing mode (dmPolicy: pairing) ──
  ✅ /start  from ALLOWED user                     → "pairing instructions"
  ✅ /help   from ALLOWED user                     → "help text"
  ✅ /status from ALLOWED user                     → "Paired as 203061594"
  ✅ /start  from STRANGER                         → "pairing instructions"
  ✅ /help   from STRANGER                         → SILENT DROP
  ✅ /status from STRANGER                         → SILENT DROP

── disabled mode (dmPolicy: disabled) ──
  ✅ /start  from ALLOWED user                     → SILENT DROP
  ✅ /help   from ALLOWED user                     → "help text"
  ✅ /status from ALLOWED user                     → "Paired as 203061594"
  ✅ /start  from STRANGER                         → SILENT DROP
  ✅ /help   from STRANGER                         → SILENT DROP
  ✅ /status from STRANGER                         → SILENT DROP

── Security assertions ──
  ✅ Stranger cannot probe /status in allowlist mode
  ✅ Stranger cannot get /help in allowlist mode
  ✅ Stranger CAN /start in pairing mode (expected flow)
  ✅ Stranger cannot /start in disabled mode

═══ Result: 22/22 passed ✅ ═══

Fixes #854

…mands

The /start, /help, and /status bot commands bypass the access gate.
When dmPolicy is "allowlist", non-allowlisted users can still probe
the bot via these commands — confirming it's active, seeing help
text, and in the case of /status, enumerating pending pairing codes.

Now:
- /help and /status silently drop non-allowlisted users
- /start allows unknown users only in pairing mode (expected flow)
- /status only responds to allowlisted users (no pending code leak)

This matches the gate() behavior documented in ACCESS.md: allowlist
mode should "drop silently, no reply."

Fixes anthropics#854
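
The Before/After table and the 18-case test matrix above can be written as two pure decision functions and compared cell by cell. This is an added example, not code from the PR or from server.ts; every type and function name in it is hypothetical, and the "before" function is modeled only from the table's Before column.

```typescript
// Added example: models the PR's before/after table as pure functions.
// All names are hypothetical; this is not the plugin's server.ts.
type DmPolicy = "allowlist" | "pairing" | "disabled";
type Command = "/start" | "/help" | "/status";
type Outcome = "reply" | "drop";

const POLICIES: DmPolicy[] = ["allowlist", "pairing", "disabled"];
const COMMANDS: Command[] = ["/start", "/help", "/status"];

// "Before" column: /start only checks for disabled; /help and /status answer anyone.
function decideBefore(cmd: Command, policy: DmPolicy, _allowlisted: boolean): Outcome {
  if (cmd === "/start") return policy === "disabled" ? "drop" : "reply";
  return "reply";
}

// "After" column, matching the 18-case matrix in the test output.
function decideAfter(cmd: Command, policy: DmPolicy, allowlisted: boolean): Outcome {
  if (cmd === "/start") {
    if (policy === "disabled") return "drop";
    // Unknown senders may /start only in pairing mode, to learn how to pair.
    return allowlisted || policy === "pairing" ? "reply" : "drop";
  }
  // /help and /status: allowlisted senders only, under every policy.
  return allowlisted ? "reply" : "drop";
}

// Cells where a non-allowlisted sender got a reply before and is dropped now.
function closedLeaks(): string[] {
  const out: string[] = [];
  for (const policy of POLICIES)
    for (const cmd of COMMANDS)
      if (decideBefore(cmd, policy, false) === "reply" &&
          decideAfter(cmd, policy, false) === "drop")
        out.push(`${policy} ${cmd}`);
  return out;
}

// Fail-closed invariant: in allowlist mode a stranger never receives a reply.
function allowlistIsSilent(decide: typeof decideAfter): boolean {
  return COMMANDS.every((cmd) => decide(cmd, "allowlist", false) === "drop");
}

console.log(closedLeaks().join("\n"));
```

Under this model the stranger-facing cells that change are all three commands in allowlist mode plus /help and /status in pairing and disabled modes; /start in pairing mode is the only command a non-allowlisted sender can still reach.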
Successfully merging this pull request may close these issues.

Telegram plugin: /start, /help, /status commands bypass allowlist policy