[AAASM-2296] 📝 (scenarios): Add policy-enforcement/ scaffold and Python implementation

[Chisanan232]

What changed

Adds the scenarios/policy-enforcement/ directory with shared scenario files and a fully-offline Python sub-project demonstrating Agent Assembly allow/deny policy enforcement.

Shared scenario files:

• scenarios/policy-enforcement/policy.yaml — 4-rule policy (2 allow, 2 deny) with default_action: deny
• scenarios/policy-enforcement/expected-output.txt — terminal output reference
• scenarios/policy-enforcement/README.md — concept explanation, policy walkthrough, run instructions for all 3 languages, expected output, and real-app guidance

Python sub-project (scenarios/policy-enforcement/python/):

• LocalPolicyEngine loads policy.yaml at runtime and evaluates every tool call
• governed() wrapper raises ToolExecutionBlockedError on deny — blocked functions never execute
• 8 smoke tests covering: allowed tools, denied tools, default deny for unknown tools, body-never-executes invariant

All implementations are fully offline — no gateway, API key, or network access required.

Related ticket

Closes AAASM-2296

How to verify

cd scenarios/policy-enforcement/python
uv sync --extra dev
uv run python src/main.py      # shows ALLOW/DENY output
uv run pytest tests/ -v        # 8 tests pass

Checklist

• PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
• No secrets, API keys, or .env files committed
• Example sub-projects include their own README.md with prerequisites and run instructions
• SDK/runtime version dependencies are documented or pinned

[sonarqubecloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud