Harden Draft Improver input guards

[Chenxizhe2025]

Summary

Closes #487.

Adds a folder-local security and performance hardening surface for the isolated Draft Improver tool. The change stays entirely inside tools/v2/individual/draft-improver/ and does not connect the tool to the main app.

Changes

• Added services/draft-improver-guards.mjs with draft normalization, goal allowlisting, active markup rejection, secret-looking content blocking, prompt-injection warnings, bounded context handling, attachment metadata clipping, and workload estimation.
• Added deterministic synthetic fixtures covering safe drafts, prompt-injection-like copy, secret-looking content, active markup, and unsupported goals.
• Added Node built-in tests for the local guard contract, large-draft clipping, sanitizer behavior, and malformed metadata.
• Added docs/SECURITY_AND_PERFORMANCE.md documenting threat assumptions, unsafe draft inputs, and performance limits.
• Updated the tool README with the local validation command.

Validation

• node --test tools/v2/individual/draft-improver/tests/draft-improver-guards.test.mjs - 4 passing
• git diff --check

Boundary check

• Only files under tools/v2/individual/draft-improver/ changed.
• No live network calls, secrets, production data, app shell, routing, inbox, wallet, Stellar, database, or shared design system changes.