fix(app-control): close TOCTOU race in session-lock acquisition #30083

Merged: siddseethepalli merged 1 commit into main from swarm/43fc/task-180 on May 9, 2026

@siddseethepalli siddseethepalli commented May 9, 2026

Address review feedback on #29323.

Changes

  • Acquire activeAppControlSession optimistically before dispatching the host start request, instead of after handleSuccess resolves. Two concurrent starts from different conversations could otherwise both pass the guard while the lock was still undefined and race the post-dispatch acquisition.
  • Release the optimistic lock on dispatch failure or when the host returns a non-running state.
  • Use this.conversationId consistently for both the start guard check and checkNonStartAuthorization, eliminating the inconsistency where the guard read the parameter while acquisition wrote this.conversationId.
  • Factor lock release into a releaseSessionIfHeld helper used by request, handleSuccess, and dispose.

Skipped feedback

  • Codex P1 'release lock on stop': already addressed — app_control_stop short-circuits in conversation-surfaces.ts and disposes the proxy, which releases the lock (covered by app-control-flow.test.ts).
  • Devin ANALYSIS on PNG-hash guard tracking non-observe tools: intentional behavior, documented inline.
  • Devin ANALYSIS on missing stop-releases-lock test: test exists at app-control-flow.test.ts:305.


@siddseethepalli siddseethepalli self-assigned this May 9, 2026
@siddseethepalli siddseethepalli merged commit 7abc209 into main May 9, 2026
@siddseethepalli siddseethepalli deleted the swarm/43fc/task-180 branch May 9, 2026 04:20
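
The race described in the PR description above, reproduced as an added example (not code from this repository). Only `activeAppControlSession`, `releaseSessionIfHeld` and the conversation-id guard are named in the PR; the `Dispatch` type, the host states, the conversation ids and the `race` driver are constructed for illustration.

```typescript
// Added illustration. Only activeAppControlSession and releaseSessionIfHeld
// are names from the PR description; everything else here is assumed.
type HostState = "running" | "failed";
type Dispatch = (conversationId: string) => Promise<HostState>;

let activeAppControlSession: string | undefined; // process-wide lock holder

function releaseSessionIfHeld(conversationId: string): void {
  if (activeAppControlSession === conversationId) activeAppControlSession = undefined;
}

// Before: guard, await the host, then acquire. A second start that arrives
// during the await still sees the lock undefined and also passes the guard.
async function startCheckThenAcquire(id: string, dispatch: Dispatch): Promise<boolean> {
  if (activeAppControlSession !== undefined && activeAppControlSession !== id) return false;
  const state = await dispatch(id);
  if (state !== "running") return false;
  activeAppControlSession = id; // last writer wins
  return true;
}

// After: guard and acquire in one synchronous step, then release the
// optimistic lock if dispatch throws or the host is not running.
async function startOptimistic(id: string, dispatch: Dispatch): Promise<boolean> {
  if (activeAppControlSession !== undefined && activeAppControlSession !== id) return false;
  activeAppControlSession = id;
  let started = false;
  try {
    started = (await dispatch(id)) === "running";
    return started;
  } finally {
    if (!started) releaseSessionIfHeld(id);
  }
}

// Two conversations call start in the same tick; a and b are the constructed
// host replies for conv-A and conv-B.
async function race(start: typeof startOptimistic, a: HostState, b: HostState):
    Promise<{ granted: boolean[]; holder: string | undefined }> {
  activeAppControlSession = undefined;
  const dispatch: Dispatch = async (id) => {
    await Promise.resolve(); // yield, as a real host round trip would
    return id === "conv-A" ? a : b;
  };
  const granted = await Promise.all([start("conv-A", dispatch), start("conv-B", dispatch)]);
  return { granted, holder: activeAppControlSession };
}
```

With `startCheckThenAcquire` both conversations are told they started; with `startOptimistic` only the first is, and a failed or throwing dispatch leaves the lock free for the next caller.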

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a6eb0eb65a


Comment thread assistant/src/daemon/host-app-control-proxy.ts

@devin-ai-integration devin-ai-integration Bot left a comment


Devin Review found 2 potential issues.


Comment thread assistant/src/daemon/host-app-control-proxy.ts
Comment thread assistant/src/daemon/host-app-control-proxy.ts
@siddseethepalli
Contributor Author

Addressed in #30531
