feat(security): default local workers to localhost only (#1132)

Require generated OpenCode auth and explicit remote-sharing opt-in so local workers stay loopback-only unless the user intentionally exposes them.

ARCHITECTURE.md

@@ -153,6 +153,7 @@ OpenWork therefore has two runtime connection modes:
 
 - OpenWork runs on a desktop/laptop and can host OpenWork server surfaces locally.
 - The OpenCode server runs on loopback (default `127.0.0.1:4096`).
+- The OpenWork server also defaults to loopback-only access. Remote sharing is an explicit opt-in that rebinds the OpenWork server to `0.0.0.0` while keeping OpenCode on loopback.
 - OpenWork UI connects via the official SDK and listens to events.
 - `openwork-orchestrator` is the CLI host path for this mode.
 
@@ -173,6 +174,7 @@ This model keeps the user experience consistent across self-hosted and hosted pa
   - `openwork-orchestrator` (default): Tauri launches `openwork daemon run` and uses it for workspace activation plus OpenCode lifecycle.
   - `direct`: Tauri starts OpenCode directly.
 - In both desktop runtimes, OpenWork server (`/apps/server/`) is the API surface consumed by the UI; it is started with the resolved OpenCode base URL and proxies OpenCode and `opencode-router` routes.
+- Desktop-launched OpenCode credentials are always random, per-launch values generated by OpenWork. OpenCode stays on loopback and is intended to be reached through OpenWork server rather than exposed directly.
 - `opencode-router` is optional in desktop host mode and is started as a local service when messaging routes are enabled.
 
 ```text