fix(proxy): close port-6443 allowlist bypass in squid ACLs

The kubectl_api ACL allowed CONNECT tunnels to any host on port 6443,
bypassing the domain allowlist entirely. Remove it and require cluster
hostnames to be added explicitly to allowed_sites instead.

Also remove the localhost and .local entries — these aren't needed for
Claude Code or the configured MCP servers.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

proxy/squid.conf

@@ -24,20 +24,17 @@ acl Safe_ports port 443
 acl Safe_ports port 6443  # Kubernetes API server
 acl CONNECT    method CONNECT
 
-# Kubernetes API server — allow CONNECT tunnels to any cluster endpoint on :6443
-acl kubectl_api port 6443
-
 # ─── Egress allowlist ─────────────────────────────────────────────────────────
 # Add domains here as needed. Leading dot matches all subdomains.
 acl allowed_sites dstdomain api.anthropic.com
 acl allowed_sites dstdomain statsig.anthropic.com
 acl allowed_sites dstdomain platform.claude.com
-acl allowed_sites dstdomain localhost
-acl allowed_sites dstdomain .local
 # MCP servers
 acl allowed_sites dstdomain api.github.com
 acl allowed_sites dstdomain .gitlab.com
 acl allowed_sites dstdomain .atlassian.net
+# Kubernetes API server — add your cluster's hostname here when using --kube
+# acl allowed_sites dstdomain k8s.example.com
 
 # ─── Access rules ─────────────────────────────────────────────────────────────
 # Block requests to non-standard ports
@@ -49,9 +46,6 @@ http_access deny CONNECT !SSL_ports
 # Allow HTTPS tunnels only to allowlisted destinations
 http_access allow CONNECT allowed_sites
 
-# Allow kubectl to reach any Kubernetes API server on the standard port
-http_access allow CONNECT kubectl_api
-
 # Allow plain HTTP only to allowlisted destinations
 http_access allow allowed_sites