feat(v1.1.4): outbound HTTP SDK + cron triggers

HTTP (`http::*`):
- `HttpService` trait (picloud-shared) + reqwest-backed `HttpServiceImpl`
  (manager-core), wired into the `Services` bundle.
- SSRF deny-list applied to the resolved IP via a custom reqwest
  `dns_resolver` (covers every redirect hop + defeats DNS rebinding) plus
  a literal-IP check at URL-parse time. Scheme/port restrictions, request
  + response body caps (stream-with-cap), layered timeout. Error reason is
  a CIDR category, never the IP. `PICLOUD_HTTP_ALLOW_PRIVATE` dev override
  (logs a startup warning).
- Rhai bridge with three-arg split `verb(url, body, opts)` (resolves the
  brief's body-vs-opts contradiction; unknown opt keys throw). Body
  dispatch by type; response `#{status,headers,body,body_raw}` with JSON
  auto-parse; non-2xx does not throw.
- `Capability::AppHttpRequest` → existing `script:write` scope (no new
  Scope variant). `SdkCallCx` gains `script_id` (attribution + User-Agent).

Cron triggers (4th trigger kind):
- Migration 0017 widens the kind/source_kind CHECKs and adds
  `cron_trigger_details`. `cron`/`chrono-tz` parse + validate 6-field
  schedules and IANA timezones.
- `spawn_cron_scheduler` polls due triggers and enqueues to the universal
  outbox; the dispatcher delivers them (one-line match-arm extension).
  Catch-up fires exactly once per trigger per tick, not once per missed
  window. `ctx.event.cron` for handlers.
- `POST /api/v1/admin/apps/{id}/triggers/cron` reuses the v1.1.3
  cross-app + kind!=module target check.
- Dashboard: admin-gated Triggers tab (cron create form + list).

Follow-ups: redact module backend errors at the resolver boundary (log
original at error level); pin `rhai = "=1.24"`; CHANGELOG incl. retroactive
v1.1.3 cross-app-trigger security note. Version bumps: workspace 1.1.4,
SDK 1.5, dashboard 0.10.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

crates/executor-core/tests/modules.rs

@@ -17,8 +17,8 @@ use chrono::{DateTime, Utc};
 use picloud_executor_core::{Engine, ExecRequest, InvocationType, Limits};
 use picloud_shared::{
     AppId, ExecutionId, ModuleScript, ModuleSource, ModuleSourceError, NoopDeadLetterService,
-    NoopDocsService, NoopEventEmitter, NoopKvService, RequestId, ScriptId, ScriptSandbox,
-    SdkCallCx, Services,
+    NoopDocsService, NoopEventEmitter, NoopHttpService, NoopKvService, RequestId, ScriptId,
+    ScriptSandbox, SdkCallCx, Services,
 };
 use tokio::sync::Mutex;
 
@@ -96,6 +96,7 @@ fn services_with(modules: Arc<dyn ModuleSource>) -> Services {
         Arc::new(NoopDeadLetterService),
         Arc::new(NoopEventEmitter),
         modules,
+        Arc::new(NoopHttpService),
     )
 }
 
@@ -321,20 +322,28 @@ async fn resolver_runtime_validation_rejects_top_level_expr() {
     );
 }
 
+/// v1.1.4 §10a regression: the backend error must be REDACTED before
+/// it reaches a script. The verbatim message (which can leak internal
+/// infrastructure shape, e.g. "connection refused") must not appear;
+/// the script sees only a stable generic.
 #[tokio::test(flavor = "multi_thread")]
-async fn resolver_backend_error_surfaces() {
+async fn resolver_backend_error_is_redacted_from_script() {
     let source = CountingModuleSource::new();
     let app_id = AppId::new();
-    *source.fail_with.lock().await = Some("simulated db outage".into());
+    *source.fail_with.lock().await = Some("connection refused to 10.1.2.3:5432".into());
     let engine = engine_with(source);
 
     let err = engine
         .execute(r#"import "x" as x; 1"#, req(app_id))
         .expect_err("backend error should propagate");
-    let msg = format!("{err:?}").to_lowercase();
+    let msg = format!("{err:?}");
     assert!(
-        msg.contains("simulated") || msg.contains("backend"),
-        "expected backend-error message, got {msg}"
+        msg.contains("module backend unavailable"),
+        "expected redacted generic message, got {msg}"
+    );
+    assert!(
+        !msg.contains("connection refused") && !msg.contains("10.1.2.3"),
+        "redacted message must not leak the backend error, got {msg}"
     );
 }