feat: org-scoped marketplace with tenant visibility model #733

@imran-siddique

Summary

Policy conflict resolution already supports global/tenant/organization/agent scopes (policies/conflict_resolution.py), but agent_marketplace has no org/tenant fields. PluginRegistry and MarketplacePolicy need org-scoped visibility so organizations can maintain their own approved plugin catalogs.

What Exists

  • Policy scopes: global, tenant, organization, agent (conflict_resolution.py:20-33)
  • Tenant isolation checklist (docs/security/tenant-isolation-checklist.md)
  • Plugin registry with trust tiers (registry.py, trust_tiers.py)

What's Missing

  • PluginManifest needs organization field
  • PluginRegistry needs org-scoped queries (list plugins for org X)
  • MarketplacePolicy needs per-org allowlist/blocklist
  • Marketplace export should support org-filtered catalogs

Context

Enterprise deployments need org-scoped marketplaces with independent governance. A multi-layer model (Enterprise > Organization > Team > Individual) is the natural pattern for large-scale agent governance.
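
A sketch of the visibility model requested above, added here as an illustration and not taken from the project's code. The class names mirror the issue, but every field and method (`organization`, `permits`, `list_for_org`, `export_catalog`) is an assumption, as is the rule that ownership is checked before the per-org allowlist/blocklist.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical stand-ins for the issue's PluginManifest, MarketplacePolicy and
# PluginRegistry; field and method names are assumptions, not the project's API.

@dataclass(frozen=True)
class PluginManifest:
    name: str
    organization: Optional[str] = None  # None = global (visible to every org)

@dataclass
class MarketplacePolicy:
    # Per-org sets of plugin names. A missing allowlist means "no restriction".
    allowlist: dict[str, set[str]] = field(default_factory=dict)
    blocklist: dict[str, set[str]] = field(default_factory=dict)

    def permits(self, org: str, plugin: PluginManifest) -> bool:
        if plugin.name in self.blocklist.get(org, set()):
            return False  # blocklist always wins
        allowed = self.allowlist.get(org)
        return allowed is None or plugin.name in allowed

class PluginRegistry:
    def __init__(self, policy: MarketplacePolicy):
        self._plugins: list[PluginManifest] = []
        self._policy = policy

    def register(self, plugin: PluginManifest) -> None:
        self._plugins.append(plugin)

    def list_for_org(self, org: str) -> list[PluginManifest]:
        # Ownership is checked before policy, so an allowlist entry can never
        # expose another organization's private plugin.
        return [p for p in self._plugins
                if p.organization in (None, org) and self._policy.permits(org, p)]

    def export_catalog(self, org: str) -> list[dict]:
        return [{"name": p.name, "organization": p.organization}
                for p in self.list_for_org(org)]

def build_sample_registry() -> PluginRegistry:
    # Constructed sample data.
    policy = MarketplacePolicy(
        allowlist={"acme": {"search", "acme-crm", "globex-hr"}},
        blocklist={"globex": {"search"}},
    )
    reg = PluginRegistry(policy)
    for name, org in [("search", None), ("shell", None),
                      ("acme-crm", "acme"), ("globex-hr", "globex")]:
        reg.register(PluginManifest(name, org))
    return reg
```

In the sample data, `acme` allowlists `globex-hr` but still cannot see it, because the ownership filter runs first.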
