Evaluate polkit-based privileged operations #35

Description

@Pectics

Context

Roadmap item imported from PLAN_REQUEST.md and PLAN_RESPONSE.md for v1.1+ — Post-v1 Backlog.

Upstream references

Upstream decision

  • Ported
  • Reimplemented
  • Deferred
  • Rejected

Reason: Deferred evaluation; do not add a privileged helper daemon in v1.

Scope

  • Compare polkit, sudo-only, and no-helper approaches.
  • Document threat-model changes before prototyping.

Acceptance criteria

  • The scope above is implemented or documented in issue-linked PRs.
  • Relevant upstream references are reviewed before implementation starts.
  • Tests are added, or the PR explicitly explains why this is documentation-only.
  • Documentation is updated, or the PR explicitly explains why no docs changed.
  • Migration impact, security impact, and rollback behavior are evaluated.

Out of scope

  • Work explicitly listed outside v1.0 in the roadmap remains deferred unless this issue is in v1.1+ — Post-v1 Backlog.
  • No GitHub Project board, branch protection change, local commit, or repository file edit is part of this import pass.

Dependencies

Security and rollback considerations

Apply Mihoto's safety rule for this issue: updates, migrations, service changes, TUN/DNS changes, and credential handling must be explicit, validated, auditable, and recoverable. Secrets and subscription URLs must be redacted from logs and issue artifacts.

Metadata

Assignees

No one assigned

Labels

  • area/security: Permissions, secrets, controller exposure, hardening, and audits.
  • area/service: Service backends, systemd units, deployment scope, and migration.
  • priority/P2-post-v1: Deferred until after the v1.0 stabilization line.
  • type/feature: A user-visible capability to add.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests