feat: add dynamic config support

[0xPatryk]

Description

This PR introduces dynamic configuration support to OpenClaw, allowing users to override internal settings via environment variables.

Changes Included:

• Dot-Notation Configuration: Settings can be structured natively using environment variables. For example, OPENCLAW__channels__telegram__textChunkLimit=3500 will map to config.channels.telegram.textChunkLimit = 3500.
• Allowed Origins Support: Sets origin targets for ControlUI explicitly via OPENCLAW_ALLOWED_ORIGINS (accepts comma-separated values or a JSON array).
• JSON Configuration Injection: Full or partial configuration overrides via OPENCLAW_CONFIG_JSON.
• Gemini Model Update: Updated the default Gemini model used internally to google/gemini-3-pro.
• Utility Abstraction: Factored out type coercion and array parsing logic to scripts/utils.js for cleaner and safer config scripts.

Testing Instructions

1. Run the service using the provided Docker compose or node environment setup.
2. Supply the following environment variables during startup:

   OPENCLAW_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
   OPENCLAW__channels__telegram__textChunkLimit=3500
   OPENCLAW__channels__telegram__streamMode=partial
   OPENCLAW__channels__telegram__reactionLevel=minimal
   OPENCLAW_CONFIG_JSON='{"agents":{"defaults":{"model":{"fallback":"gemini/gemini-3-pro"}}}}'

3. Verify that the changes successfully flow through to the ultimate config object in memory on startup (the boot logs will read "[configure] dot-notation: ...", "[configure] allowed origins: ...", and "[configure] merged OPENCLAW_CONFIG_JSON").
4. Try accessing from localhost:5173 locally, ControlUI should allow the CORS request due to the explicitly injected origins list.