fix(realtime): send safe output guardrail feedback

[adityasingh2400]

Summary

• Replaces the internal realtime output-guardrail follow-up prompt with a user-facing safe recovery instruction.
• Includes failed guardrail names and serialized output info so the model can recover without speaking the blocked content.
• Keeps the existing forced interrupt/cancel behavior and adds coverage that the interrupt is forced before the feedback message is sent.

Fixes #1912

Test plan

• uv run ruff format src/agents/realtime/session.py tests/realtime/test_session.py
• uv run ruff check src/agents/realtime/session.py tests/realtime/test_session.py
• uv run pytest tests/realtime/test_session.py -k guardrail -q
• uv run pytest tests/realtime/test_session.py -q
• uv run mypy src/agents/realtime/session.py tests/realtime/test_session.py
• make lint

[seratch]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b7b0bd1aaf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Do not feed guardrail output_info back to the model

output_info is arbitrary guardrail data and often includes the exact matched text or internal policy reason. Serializing it into the user message means a PII/competitor/unsafe-output guardrail can re-inject the blocked content into the next model turn, where it may be spoken or exposed in conversation history, defeating the safe fallback path.

Useful? React with 👍 / 👎.

[seratch]

Even if the issues pointed out by codex are resolved, we don't plan to have this change. Thanks for your interest here.