Standardize remaining API config mutation reload paths

[vsumner]

Summary

Stacked follow-up (on top of spacedriveapp#141) to finish config-mutation consistency across API endpoints, harden config writes against races, improve backward compatibility for MCP config parsing, and ensure runtime reload signaling is consistent.

Changes

1) Locked + atomic config writes

• Added API-level config mutation lock in ApiState (config_write_lock) to serialize concurrent config.toml writes.
• Updated shared config write helper to:
  • acquire the mutation lock
  • validate content
  • write to a temp file and atomically rename into place
  • reload the parsed Config snapshot
• Updated all config-mutating API call sites to use the locked helper signature.

2) Remaining API mutation paths standardized

• Standardized remaining config-mutating endpoints to use the shared validated-write + live reload flow:
  • src/api/mcp.rs (create_mcp_server, update_mcp_server, delete_mcp_server)
  • src/api/settings.rs (update_global_settings, update_raw_config)
  • src/api/agents.rs (create_agent, delete_agent)
• Shared reload helper refreshes:
  • LLM manager config snapshot
  • API defaults snapshot
  • live RuntimeConfig instances

3) MCP config schema alignment + compatibility

• Fixed MCP API handlers to mutate/read [[defaults.mcp]] (the canonical runtime schema), instead of a disconnected top-level [[mcp_servers]] table.
• Added parser compatibility for legacy [[mcp_servers]]:
  • legacy entries are merged into defaults.mcp
  • canonical defaults.mcp entries win on name conflicts
  • deprecation warning emitted when legacy table is present

4) Config reload event consistency

• reload_all_runtime_configs now emits ApiEvent::ConfigReloaded after applying the new snapshot.
• update_agent_config now also emits ApiEvent::ConfigReloaded (it mutates API state directly rather than going through the shared runtime reload helper).

5) Raw config semantics tightened

• update_raw_config returns explicit failure response for invalid/unapplicable config content and avoids false-success messaging.

6) Added mutation-path tests

• src/api/settings.rs
  • invalid raw update fails and does not persist
  • valid raw update persists and succeeds
• src/api/mcp.rs
  • create/delete MCP server persists config and updates runtime MCP config
• src/api/agents.rs
  • delete agent removes agent from config and API state snapshot
• src/config.rs
  • legacy [[mcp_servers]] merges into defaults.mcp and preserves canonical precedence

7) Docs updates

• README.md MCP examples now use [[defaults.mcp]] and mention legacy compatibility.
• docs/design-docs/mcp.md updated to describe API CRUD behavior against [[defaults.mcp]] and backward compatibility for legacy [[mcp_servers]].

Validation

• cargo fmt --all -- --check
• cargo test api::mcp::tests:: -- --nocapture
• cargo test api::agents::tests:: -- --nocapture
• cargo test api::settings::tests:: -- --nocapture
• cargo test config::tests::test_legacy_mcp_servers_table_migrates_into_defaults_mcp -- --nocapture
• cargo test