[AAASM-2301] ✨ (scenarios): Add policy-enforcement/go/ implementation

[Chisanan232]

What changed

Adds the Go sub-project for the scenarios/policy-enforcement/ scenario. Reads the shared policy.yaml using gopkg.in/yaml.v3, builds a policyClient implementing assembly.GovernanceClient, and wraps four tools with assembly.WrapTools() — matching the pattern from go/tool-policy.

Files added (scenarios/policy-enforcement/go/):

• policy.go — loads ../policy.yaml, builds policyClient with per-tool allow/deny rules and fail-closed default
• tools.go — four tools: read-config, list-agents (ALLOWED), delete-agent, send-email (DENIED)
• main.go — prints policy summary, runs all 4 wrapped tools, shows ALLOW/DENY with reasons
• main_test.go — 6 tests: 2 allowed, 2 denied, default-deny, policy config load

Related ticket

Closes AAASM-2301

How to verify

cd scenarios/policy-enforcement/go
go run .          # prints ALLOW/DENY output
go test ./...     # 6 tests pass

Checklist

• PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
• No secrets, API keys, or .env files committed
• Example sub-projects include their own README via the scenario-level README
• SDK/runtime version dependencies are documented or pinned

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
2.7% Duplication on New Code

See analysis details on SonarQube Cloud