fix(agent): inject full datetime into system prompt and allow date command

Three related agent UX issues found during MiniMax channel testing:

1. DateTimeSection injected only timezone, not the actual date/time.
   Models have no reliable way to know the current date from training
   data alone, causing wrong or hallucinated dates in responses.
   Fix: include full timestamp (YYYY-MM-DD HH:MM:SS TZ) in the prompt.

2. The `date` shell command was absent from the security policy
   allowed_commands default list. When a model tried to call
   shell("date") to get the current time, it received a policy
   rejection and told the user it was "blocked by security policy".
   Fix: add "date" to the default allowed_commands list. The command
   is read-only, side-effect-free, and carries no security risk.

3. (Context) The datetime prompt fix makes the date command fallback
   largely unnecessary, but the allowlist addition ensures the tool
   works correctly if models choose to call it anyway.

Non-goals:
- Not changing the autonomy model or risk classification
- Not adding new config keys

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
YubinghanBai 2026-02-18 18:18:39 -06:00 committed by Chummy
parent c9a0893fc8
commit 48eb1d1f30
2 changed files with 3 additions and 1 deletions


@ -215,7 +215,8 @@ impl PromptSection for DateTimeSection {
fn build(&self, _ctx: &PromptContext<'_>) -> Result<String> {
let now = Local::now();
Ok(format!(
"## Current Date & Time\n\nTimezone: {}",
"## Current Date & Time\n\n{} ({})",
now.format("%Y-%m-%d %H:%M:%S"),
now.format("%Z")
))
}
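
Review bot: The `now.format("%Z")` argument needs a check against the format the commit message promises (YYYY-MM-DD HH:MM:SS TZ). With chrono's `Local`, `%Z` is documented to format the same as `%:z`, so the parenthetical will be a numeric UTC offset rather than a zone name. If an offset is what you want, write `%:z` so the intent is explicit, or emit a single RFC 3339 string, which is unambiguous for the model. The hunk also drops the `Timezone:` label without adding one for the new value, and nothing here tests the output; a unit test asserting the shape of the built section would pin the format.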


@ -111,6 +111,7 @@ impl Default for SecurityPolicy {
"wc".into(),
"head".into(),
"tail".into(),
"date".into(),
],
forbidden_paths: vec![
// System directories (blocked even when workspace_only=false)
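
Review bot: The new `"date".into()` entry allows the command by name only, and the "read-only, side-effect-free" rationale in the commit message holds for a bare `date` or a `+FORMAT` call but not for every invocation: `date` also has options that set the system clock and that take their input from a file. Please confirm that arguments to allowlisted commands go through the same validation as the `forbidden_paths` check below, or restrict this entry to argument-free and `+FORMAT` forms. A policy test that accepts plain `date` and rejects the other forms would document the intended scope, and a short comment next to the entry stating why it is considered safe would help the next reviewer.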