feat: GStack Browser stealth + branding — anti-bot patches, custom UA, rebrand

- Add GSTACK_CHROMIUM_PATH env var for custom Chromium binary
- Add BROWSE_EXTENSIONS_DIR env var for extension path override
- Move auth token to /health endpoint (fixes read-only .app bundles)
- Anti-bot stealth: disable navigator.webdriver, fake plugins, languages
- Custom user agent: Chrome/<version> GStackBrowser (auto-detects version)
- Rebrand Chromium plist to "GStack Browser" at launch time
- Update security test to match new token-via-health approach

browse/src/server.ts

@@ -955,7 +955,10 @@ async function start() {
           uptime: Math.floor((Date.now() - startTime) / 1000),
           tabs: browserManager.getTabCount(),
           currentUrl: browserManager.getCurrentUrl(),
-          // token removed — see .auth.json for extension bootstrap
+          // Auth token for extension bootstrap. Safe: /health is localhost-only.
+          // Previously served via .auth.json in extension dir, but that breaks
+          // read-only .app bundles and codesigning. Extension reads token from here.
+          token: AUTH_TOKEN,
           chatEnabled: true,
           agent: {
             status: agentStatus,