fix(web): inline PermissionError in dir browser with platform-aware i18n guidance

[howold-lab]

Summary

• Show directory browse PermissionError inline inside the modal instead of a global toast
• Add platform-aware error messages: macOS gets actionable Full Disk Access guidance, other platforms get a generic message
• Backend returns sys.platform in the error details so the frontend can tailor the message

Changes

Backend (src/cccc/ports/web/routes/base.py):

• PermissionError response now includes details.platform (sys.platform)

Frontend (web/src/components/AppModals.tsx, CreateGroupModal.tsx):

• New dirBrowseError state replaces the global showError() call for permission errors
• Error renders inline in the dir browser panel with rose-coloured border
• platform === "darwin" → macOS-specific copy; otherwise generic copy

i18n (locales/en/actors.json, locales/zh/actors.json):

• permissionDenied — generic fallback
• permissionDeniedMacOS — macOS copy with step-by-step FDA guidance (System Settings → Privacy & Security → Full Disk Access → enable terminal app → restart CCCC)

Why local dev often can't reproduce

Terminal-launched non-sandboxed processes inherit TCC session context, so macOS doesn't re-check FDA. The error surfaces when CCCC is started as a launchd service, on a fresh machine (empty TCC.db), or on macOS 15 Sequoia where TCC enforcement is stricter for non-sandboxed CLI processes. Verified on Mac mini where the error was originally reported.

Known gap

Linux-specific guidance (AppArmor / SELinux hint) not included — tracked as follow-up.

Test plan

• Browse a TCC-protected path on a machine without FDA granted → error appears inline in modal (not toast)
• macOS: error text includes "System Settings → Privacy & Security → Full Disk Access" guidance
• Non-macOS: generic "Cannot read: <path>" message shown
• Dismissing / reopening the modal clears the error state
• Happy path (accessible directory) still works normally

[howold-lab]

old:

new: