Ask for approval when mutation tool is executed on the web

What does this MR do?

This MR implements a tool approval workflow for Duo Agentic Chat in the web interface, requiring user approval before executing mutation tools that can modify GitLab resources.

Solves: #550601 (closed)

Changes

• Agent Privilege Changes: Updated from pre-approved [3] (read_write_gitlab) to pre-approved [2] (read_gitlab) only, while still enabling both [2, 3] privileges
• Approval Flow Integration: Added AgenticToolApprovalFlow component from @gitlab/duo-ui to handle tool approval requests
• WebSocket Management: Refactored WebSocket handling with proper connection lifecycle management and utility functions
• Status Handling: Added support for TOOL_CALL_APPROVAL_REQUIRED workflow status to pause execution and show approval modal
• User Experience: Maintains loading state during approval process and provides clear approve/deny options

Setup

Follow the instructions in here: !194852 (merged) To setup local agentic Duo Chat in the GDK

How to Test

1. Open Duo Agentic Chat in the web interface
2. Ask for an action that requires mutation tools (e.g., "duplicate this issue in the project")
3. Verify that an approval modal appears when the tool is about to be executed
4. Test both approve and deny workflows
5. Confirm that the WebSocket connection handles the approval flow correctly

Screenshot