feat(device): add 360 FW v5.5 integration

[magicmagicspider]

Summary

• Add 360 FW v5.5 as a device integration in Flocks.
• Add typed tools for FW system inspection, object management, firewall policy operations, network configuration, VPN/BGP, authentication/security objects, observability, and documented REST API access.
• Add guardrails so this adapter rejects risky FW device-level operations such as reboot, restore, config clear, password change, upgrade, license writes, HA writes, config save, and other high-risk mutation paths.

Why

360 FW v5.5 should work as a first-class device integration in Flocks. Without a dedicated adapter, agents have to rely on raw REST calls, which is harder to use correctly and easy to over-scope.

This PR follows the existing 360 WAF device plugin pattern with provider metadata, YAML tool definitions, probe fixtures, and a Python handler. It exposes common FW workflows as typed tools, so agents can inspect system state, query objects and
policies, manage supported network/VPN/BGP resources, and call documented REST APIs without guessing raw API details.

Risky device-level operations are intentionally blocked in the adapter because restart, restore, config clear, password change, upgrades, license writes, HA writes, and config-save style operations are operationally sensitive and outside the intended
scope of this integration.

Scope

• Add the 360 FW v5.5 device plugin, provider metadata, YAML tool definitions, probe fixtures, and handler implementation.
• Add semantic tools for supported FW system, object, policy, network, VPN/BGP, auth/security, and observability workflows.
• Support documented read-only and mutation REST calls while validating paths/methods against the local FW API document.
• Keep high-risk FW device-state changes out of scope by rejecting dangerous raw mutation paths locally.
• Add focused tests for provider metadata, tool manifests, credential resolution, login authorization, API catalog metadata, request construction, grouped dispatch, and dangerous mutation rejection.

Test Plan

• uv run ruff check .flocks/flockshub/plugins/tools/device/360_fw_v5_5/360_fw.handler.py tests/tool/test_360_fw_device_plugin.py
• uv run python -m py_compile .flocks/flockshub/plugins/tools/device/360_fw_v5_5/360_fw.handler.py
• uv run python scripts/validate_flockshub.py
• uv run pytest tests/tool/test_360_fw_device_plugin.py tests/hub/test_bundled_tools.py tests/hub/test_hub_catalog.py -q

Result: 72 passed, 2 warnings

Compatibility / Migration Impact

• The 360 FW v5.5 adapter adds new tools and safety checks only for this device type.
• No existing device integration behavior is changed.
• Raw mutation calls that attempt high-risk FW device-state changes are intentionally rejected by this adapter.