#662 Security Vulnerability: IPC Proxy Exposes Internal Engine API

The IPCServer blindly proxies all method calls to DurableContext. This allows sandboxed apps to call internal methods (e.g., delete_checkpoint, set_variable directly) bypassing the AppContext safety layer. We must implement a strict whitelist of allowed methods in IPCServer.