feat: integrate MinIO-backed user filesystem

app-instance/backend/docs/security/user-filesystem-tooling.md

@@ -0,0 +1,12 @@
+# User File System Tooling Boundary
+
+The `personal-user-filesystem` change adds `user_files_*` tools for files that users can upload, inspect, and receive from agents. These tools enforce the same virtual roots as the web API:
+
+- `uploads/`
+- `outputs/`
+- `shared/`
+- `tasks/`
+
+The existing local workspace filesystem tools remain registered for internal runtime and development workflows. They are workspace-scoped, but they are not the user-visible file boundary. Agents should use `user_files_*` tools when reading user-provided files or writing user-facing outputs.
+
+Follow-up for stronger isolation: add a runtime policy switch that disables or narrows local workspace filesystem tools for ordinary personal-agent tasks, while keeping `user_files_*` available.