Add agent-level context isolation and governance controls
Follow up to:
#3582504
_**NOTE: Before working on this issue, verify it's still relevant and makes sense.**_
**Description:**
Introduce governance controls for limiting which agents can access which context. This should support safer multi-agent deployments and reduce accidental context leakage between unrelated use cases.
**Includes:**
- `2.3` Context isolation between agents
**Scope:**
- Design an isolation model for agent-specific context access.
- Evaluate whether isolation should use domains, taxonomy, config, permissions, or another mechanism.
- Ensure isolation works alongside existing scope subscriptions and inclusion overrides.
- Add tests for agent separation and fallback behavior.
**Acceptance criteria:**
- Context can be restricted to specific agents or agent groups.
- Existing global/context scope behavior remains backwards-compatible.
- Access rules are deterministic and documented.
- Tests cover allowed, denied, and shared context cases.
[x] AI Assisted Issue
issue