feat: per-org MCP server governance policies #737

@imran-siddique


Summary

MCP server allow/block exists in marketplace_policy.py and the MCP proxy has enterprise policies, but there is no org-level scoping. Policies are global only.

What's Missing

  • Org-scoped MCP server allowlists (different orgs may permit different servers)
  • Inherit/override model: enterprise base policy + org-level additions
  • Policy resolution: org policy inherits from enterprise, can add but not remove base restrictions

Context

In multi-org deployments, different organizations have different security requirements for which MCP servers are permitted. The current global-only model forces a lowest-common-denominator approach.
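
One way the inherit/override resolution requested above could behave, as an added example that is not code from this repository or from marketplace_policy.py. It assumes that "can add but not remove base restrictions" means an org may add blocks and narrow the allowlist but never widen it; `McpPolicy`, `make_policy`, `resolve`, `is_permitted` and the server names are hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional


def norm(name: str) -> str:
    """Canonical form for server names so 'GitHub ' and 'github' compare equal."""
    return name.strip().lower()


@dataclass(frozen=True)
class McpPolicy:
    # allowed=None means no allowlist: anything not blocked is permitted.
    allowed: Optional[FrozenSet[str]] = None
    blocked: FrozenSet[str] = frozenset()


def make_policy(allowed: Optional[Iterable[str]] = None,
                blocked: Iterable[str] = ()) -> McpPolicy:
    allow = None if allowed is None else frozenset(norm(n) for n in allowed)
    return McpPolicy(allow, frozenset(norm(n) for n in blocked))


def resolve(enterprise: McpPolicy, org: Optional[McpPolicy]) -> McpPolicy:
    """Layer an org policy on the enterprise base; the result is never looser."""
    if org is None:
        return enterprise
    blocked = enterprise.blocked | org.blocked      # org can add blocks
    if enterprise.allowed is None:
        allowed = org.allowed                       # org may introduce an allowlist
    elif org.allowed is None:
        allowed = enterprise.allowed                # base allowlist still applies
    else:
        allowed = enterprise.allowed & org.allowed  # org can narrow, not widen
    return McpPolicy(allowed, blocked)


def is_permitted(policy: McpPolicy, server: str) -> bool:
    name = norm(server)
    if name in policy.blocked:                      # block always wins
        return False
    return policy.allowed is None or name in policy.allowed


# Constructed sample policies (server names are illustrative only).
ENTERPRISE = make_policy(allowed=["github", "jira", "filesystem", "postgres"],
                         blocked=["shell-exec"])
FINANCE_ORG = make_policy(allowed=["jira", "postgres", "shell-exec", "slack"],
                          blocked=["filesystem"])
EFFECTIVE = resolve(ENTERPRISE, FINANCE_ORG)
```

In this sample the org's attempt to allow `slack` and `shell-exec` has no effect, because neither is permitted by the enterprise base, while its extra block on `filesystem` does take effect.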
