feat(cli): add --fields projection to incident/alert list

[ysyneu]

What

Add an additive --fields flag to the curated incident list and alert list commands. In structured (--output-format json|toon / --json) mode, --fields a,b,c projects each row to only the named JSON-tagged fields via one shared reflection helper (internal/cli/fieldproject.go::projectFields), so the first list call is already compact.

• Default behavior (no --fields) is byte-identical to today — the full nested record still dumps. Regression-tested.
• --fields is a no-op in table mode (documented in flag help).
• Unknown field names fail fast, listing the valid tag names for the row type.
• Projected values keep their original typed value (e.g. flashduty.Timestamp), so per-field encoding stays byte-consistent with the full dump.

Examples:

• fduty alert list --fields alert_id,title,alert_severity,created_at --output-format toon
• fduty incident list --fields incident_id,title,incident_severity,progress,start_time --json

Root cause

In structured mode the curated compact column set (cols []output.Column) passed to ctx.PrintList is completely ignored — TOONPrinter/JSONPrinter marshal the whole nested SDK struct (IncidentInfo/AlertItem with responders, alerts, labels, incident, events blobs). So the agent's first incident list/alert list dump is huge and pure waste: it spills to a file and is then immediately re-queried with a narrower jq projection (which even failed in one session because jq isn't installed in the sandbox). --fields lets the FIRST call be compact: no spill, no jq.

Evidence (audit run audit-2026-06-23)

All 6 cited oversized findings are the first full dump being waste:

• sess_CAikSKGN2GFsHh6nYsXQw6 — 83.7KB / 2593 lines for 66 alerts; re-queried with jq (jq absent in sandbox).
• sess_7BvVWNcaRcCmw8DykPSaki — 69.7KB for 20 incidents.
• sess_H3xYYtxVpEpXNFUgDAMem9 — 52KB + 67KB dumps.
• sess_8mJca7nB7gCcsGUHLQgwQz — 60.4KB never used.

Scope

Deliberately out of scope (per the design's "do not stretch" rule): the proposal's --count/group-by summary mode (a mini query engine with unsettled design surface), nested/dotted field paths, and any change to the generated command layer or the internal/output printers. The default path is untouched end-to-end.

Verification

$ env -u GOROOT go build ./...        # exit 0
$ env -u GOROOT go test ./...         # all packages ok
ok  github.com/flashcatcloud/flashduty-cli/cmd/flashduty
ok  github.com/flashcatcloud/flashduty-cli/internal/cli
ok  github.com/flashcatcloud/flashduty-cli/internal/output
... (all green)
$ env -u GOROOT go vet ./internal/cli/   # clean

New tests in internal/cli/fieldproject_test.go drive the real command via the newGFStub harness:

• Default-unchanged regression (conductor constraint): no --fields under toon and json still emits the full nested keys (responders/labels for incident, events/incident for alert).
• Projection: toon + json emit exactly the requested keys and drop the rest (json asserted structurally via json.Unmarshal — exactly N keys).
• Table-mode ignore: --fields is a no-op; normal headers still print.
• Unknown field: errors with the offending name.

Note: make lint fails in this environment due to a pre-existing toolchain mismatch (installed golangci-lint v2.2.1 built with go1.24 refuses a module targeting go1.25.1) — unrelated to this change; gofmt -s and gci are clean on the touched files.