Add security control plane primitives #153
Open
daxia778 wants to merge 1 commit into dwebagents:main from daxia778:codex/security-control-plane

Conversation

@daxia778


Summary

Addresses #104 with a focused security control plane implementation that turns agent action plans into policy-checked executions.

This adds:

  • short-lived isolated agent sessions with deterministic credential derivation and rotation
  • policy classification for allowed, approval-required, and denied operations
  • one-time human approval tickets with HMAC signatures and expiry
  • a tamper-evident audit hash chain for planned, approved, denied, and executed operations
  • regression tests covering low-risk execution, sensitive approval gating, denied operations, credential rotation, and audit tamper detection

This is intentionally the core broker/control-plane slice rather than a Firecracker launcher. It gives the repo testable semantics for approval, logging, credential expiry, and policy enforcement before wiring it to a runtime boundary.

Validation

  • python3 -m pytest src/test_security_control_plane.py -q -> 5 passed
  • python3 -m py_compile src/security_control_plane.py src/test_security_control_plane.py
  • git diff --check -- src/security_control_plane.py src/test_security_control_plane.py

I also ran python3 -m pytest -q; current upstream/main collection fails before reaching this change because of existing unrelated baseline issues: missing oracle, missing mcp, non-Python contents in existing .py test files, and an existing obj NameError in src/recipes/banana_pudding.py.
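The following is an added, self-contained sketch of the primitives the PR description lists (policy classification, deterministic credential derivation with epoch-based rotation, one-time HMAC-signed approval tickets with expiry, and a tamper-evident audit hash chain). It is not the code from PR #153 or from the dwebagents repository; the names classify, derive_credential, ApprovalBroker, AuditChain and run_plan, the SENSITIVE and DENIED action sets, and the ticket and audit-entry layouts are all assumptions chosen for illustration.

```python
# Added illustration of the primitives the PR describes; not code from PR #153.
# Assumed names: classify, derive_credential, ApprovalBroker, AuditChain, run_plan.
import hashlib
import hmac
import json
import secrets
import time
from collections import namedtuple
from typing import Callable, Optional, Tuple

SENSITIVE = {"write_file", "delete_file", "spawn_process"}  # assumed: needs human approval
DENIED = {"exfiltrate", "disable_audit"}                     # assumed: never executed

def classify(action: str) -> str:
    """Policy classification: 'allowed', 'approval-required' or 'denied'."""
    if action in DENIED:
        return "denied"
    return "approval-required" if action in SENSITIVE else "allowed"

def derive_credential(master_key: bytes, session_id: str, epoch: int) -> str:
    """Deterministic per-session credential; bumping epoch rotates it."""
    return hmac.new(master_key, f"{session_id}:{epoch}".encode(), hashlib.sha256).hexdigest()

ApprovalTicket = namedtuple("ApprovalTicket", "ticket_id action expires_at mac")

class ApprovalBroker:
    """Issues one-time, HMAC-signed, expiring human approval tickets."""
    def __init__(self, key: bytes, ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.time):
        self._key, self._ttl, self._clock = key, ttl_seconds, clock
        self._redeemed = set()  # ticket ids already spent (single use)

    def _mac(self, ticket_id: str, action: str, expires_at: float) -> str:
        msg = json.dumps([ticket_id, action, expires_at], separators=(",", ":")).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, action: str) -> ApprovalTicket:
        ticket_id, expires_at = secrets.token_hex(16), self._clock() + self._ttl
        return ApprovalTicket(ticket_id, action, expires_at, self._mac(ticket_id, action, expires_at))

    def redeem(self, ticket: ApprovalTicket, action: str) -> Tuple[bool, str]:
        # Signature covers id, action and expiry, so check it before trusting any field.
        if not hmac.compare_digest(self._mac(*ticket[:3]), ticket.mac):
            return False, "bad-signature"
        if ticket.action != action:
            return False, "action-mismatch"
        if self._clock() > ticket.expires_at:
            return False, "expired"
        if ticket.ticket_id in self._redeemed:
            return False, "already-used"
        self._redeemed.add(ticket.ticket_id)
        return True, "ok"

class AuditChain:
    """Append-only log; each entry's hash commits to the previous entry's hash."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

    def append(self, event: str, **fields) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {"seq": len(self.entries), "event": event, "fields": fields, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """(True, None) if intact, else (False, index of the first entry that fails)."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False, i
            prev = e["hash"]
        return True, None

def run_plan(action: str, broker: ApprovalBroker, chain: AuditChain,
             ticket: Optional[ApprovalTicket] = None) -> str:
    """Plan -> classify -> (redeem approval) -> execute, logging each step to the chain."""
    chain.append("planned", action=action)
    decision = classify(action)
    if decision == "denied":
        chain.append("denied", action=action, reason="policy")
        return "denied:policy"
    if decision == "approval-required":
        if ticket is None:
            return "awaiting-approval"
        ok, why = broker.redeem(ticket, action)
        chain.append("approved" if ok else "denied", action=action, reason=why)
        if not ok:
            return "denied:" + why
    chain.append("executed", action=action)
    return "executed"
```

Two design points worth checking in any real implementation of this shape: the broker verifies the HMAC before reading any other ticket field, so a ticket whose action or expiry was edited after issue fails as "bad-signature" rather than reaching the later checks; and the chain's verify() recomputes every digest and link, so editing a logged field is caught at that entry, while editing the field and recomputing that entry's hash is still caught at the next entry because its stored prev no longer matches.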
