Part of #1195 — Phase 5

Surface content isolation activity in the TUI dashboard.

Crates: zeph-tui, zeph-core
Depends on: SEC-1.4

Tasks:

• Security status indicator: show when untrusted content is being processed (spinner)
• Flagged injection attempts visible in TUI log panel with source attribution
• /security TUI command: display security event history (last N events)
• Metrics integration: injection patterns detected count, content sanitized count, quarantine invocations
• Color-coded trust level badges on tool results in chat view

Files: crates/zeph-tui/src/commands.rs, crates/zeph-tui/src/widgets/, crates/zeph-core/src/metrics.rs