agent socket: external wake-up path for in-container MCP servers

new AgentRequest::Wake { from, body } drops a message into
this agent's inbox via the per-agent socket. matrix-style MCP
servers can use it when they receive an external event
(matrix message, webhook, scrape result) to nudge claude
into running a turn. broker.send wakes whatever Recv is
currently long-polling, the harness picks the message up,
formats a wake prompt with the caller's chosen from label
('matrix: new dm', 'webhook: deploy succeeded', etc.).

new `hive-ag3nt wake --from <label> --body <text>` subcommand
on the harness binary so MCP servers can shell out instead of
implementing the line-JSON protocol themselves; body=='-'
reads from stdin for multi-line / quoting-friendly payloads.

identity = socket: anything that can connect to /run/hive/mcp
.sock is implicitly trusted to inject. that's fine because the
bind-mount is the agent's own container; no new auth surface
opens up.

docs/turn-loop.md gets a new 'Waking the agent from inside
the container' section pointing at both paths (CLI + raw
JSON).

hive-c0re/src/agent_server.rs

@@ -141,6 +141,16 @@ async fn dispatch(req: &AgentRequest, agent: &str, coord: &Arc<Coordinator>) ->
                 message: format!("{e:#}"),
             },
         },
+        AgentRequest::Wake { from, body } => match broker.send(&Message {
+            from: from.clone(),
+            to: agent.to_owned(),
+            body: body.clone(),
+        }) {
+            Ok(()) => AgentResponse::Ok,
+            Err(e) => AgentResponse::Err {
+                message: format!("{e:#}"),
+            },
+        },
         AgentRequest::Recent { limit } => match broker.recent_for(agent, *limit) {
             Ok(rows) => AgentResponse::Recent { rows },
             Err(e) => AgentResponse::Err {