fix: policy/*.codexpolicy -> rules/*.rules (#7888)

We decided that `*.rules` is a more fitting (and concise) file extension
than `*.codexpolicy`, so we are changing the file extension for the
"execpolicy" effort. We are also changing the subfolder of `$CODEX_HOME`
from `policy` to `rules` to match.

This PR updates the in-repo docs and we will update the public docs once
the next CLI release goes out.

Locally, I created `~/.codex/rules/default.rules` with the following
contents:

```
prefix_rule(pattern=["gh", "pr", "view"])
```

And then I asked Codex to run:

```
gh pr view 7888 --json title,body,comments
```

and it was able to!

codex-rs/execpolicy/src/execpolicycheck.rs

@@ -14,9 +14,9 @@ use crate::RuleMatch;
 /// Arguments for evaluating a command against one or more execpolicy files.
 #[derive(Debug, Parser, Clone)]
 pub struct ExecPolicyCheckCommand {
-    /// Paths to execpolicy files to evaluate (repeatable).
-    #[arg(short = 'p', long = "policy", value_name = "PATH", required = true)]
-    pub policies: Vec<PathBuf>,
+    /// Paths to execpolicy rule files to evaluate (repeatable).
+    #[arg(short = 'r', long = "rules", value_name = "PATH", required = true)]
+    pub rules: Vec<PathBuf>,
 
     /// Pretty-print the JSON output.
     #[arg(long)]
@@ -35,7 +35,7 @@ pub struct ExecPolicyCheckCommand {
 impl ExecPolicyCheckCommand {
     /// Load the policies for this command, evaluate the command, and render JSON output.
     pub fn run(&self) -> Result<()> {
-        let policy = load_policies(&self.policies)?;
+        let policy = load_policies(&self.rules)?;
         let matched_rules = policy.matches_for_command(&self.command, None);
 
         let json = format_matches_json(&matched_rules, self.pretty)?;