fix: imported safe-output fragments override explicit threat-detection: false

[strawgate]

Bug

When a workflow explicitly disables threat detection (threat-detection: false or threat-detection: { enabled: false }), imported safe-output fragments re-enable it during merge, causing a compilation error when sandbox.agent: false is also set.

Reproduction

Workflow frontmatter:

sandbox:
  agent: false
safe-outputs:
  activation-comments: false
  threat-detection: false

With any imported fragment that has its own safe-outputs: (e.g., safe-output-add-comment.md with safe-outputs: { add-comment: { max: 1 } }).

Error:

error: threat detection requires sandbox.agent to be enabled. Threat detection runs inside the agent sandbox (AWF) with fully blocked network. Either enable sandbox.agent or remove the threat-detection configuration from safe-outputs.

Root Cause

mergeSafeOutputConfig() in imports.go:512-634 calls extractSafeOutputsConfig() on each imported fragment. The auto-enablement logic at safe_outputs_config.go:479-491 fires because the fragment's outputMap has no threat-detection key, so it defaults to &ThreatDetectionConfig{}.

Then at imports.go:633-635:

if result.ThreatDetection == nil && importedConfig.ThreatDetection != nil {
    result.ThreatDetection = importedConfig.ThreatDetection
}

The main workflow's explicit disable (nil) gets overwritten by the fragment's auto-enabled default.

Suggested Fix

Skip merging ThreatDetection from imported fragments — it's a workflow-level concern, not a per-fragment setting. Alternatively, suppress auto-enablement of threat detection inside extractSafeOutputsConfig when called from the import merge path.