fix(server): restore /config toJsonSafe projection

Reverts the redundant-cleanup hypothesis. The reproducer was upgraded
to exercise the actual gemini-auth bug shape — function and bigint
values under provider.options (a Schema.Any-typed declared field, not
an excess property) — and that fails /config encode without the
projection. Effect's onExcessProperty handles excess keys for free,
but Schema.Any pass-through plus encode validation doesn't, so the
toJsonSafe clone at the HTTP boundary is load-bearing for this case.