Localize security mode decision copy

[jerryfan]

The security mode flow has several decision points where wording affects whether a user relaxes or tightens enforcement: current mode, basic vs max differences, mode-change warnings, invalid mode, and the TUI-only audit message.

This PR makes just that security-mode decision copy optionally localizable while preserving the existing English strings as fallbacks.

What changed:

• added a tiny optional i18n bridge in extensions/i18n.ts
• registered es, fr, and pt-BR strings for security-mode/audit decision copy
• wrapped only the /security mode and /security-audit user-facing strings that directly affect enforcement decisions

What did not change:

• no required dependency
• no behavior change when no i18n provider is present
• English fallback text stays in the call sites
• no generated files or package metadata changes
• easy to revert by deleting extensions/i18n.ts and the small wrappers in extensions/security.ts

Validation:

• npx esbuild extensions/security.ts --bundle --platform=node --format=esm --outfile=... --external:@mariozechner/pi-coding-agent passed
• npx tsx --test tests/*.test.ts ran; existing Windows path expectation failures remain in security path tests (/tmp, /home, cwd), unrelated to these string changes
• npm run typecheck is currently blocked by existing repo-wide type issues/missing ambient deps before this change (@mariozechner/pi-coding-agent, node types, existing strict errors)

If useful later, I’m happy to handle broader localization in small follow-up PRs using whatever locale set you prefer.