fix(gateway): prevent Discord role-allowlist auth bypass #12226

Closed
plgonzalezrx8 wants to merge 0 commits into NousResearch:main from plgonzalezrx8:main

@plgonzalezrx8

Contributor

Motivation

  • An early-return in GatewayRunner._is_user_authorized unconditionally authorized any Discord source whenever DISCORD_ALLOWED_ROLES was set, creating an authorization bypass for slash and other non-message interactions.
  • Discord slash handlers build a MessageEvent and call handle_message without going through the adapter's on_message pre-filter, so the adapter-side role check cannot be assumed to have run.
  • The goal is to ensure role-based allowlists are enforced for all Discord entrypoints without breaking existing allowlist semantics.

Description

  • Replaced the unconditional DISCORD_ALLOWED_ROLES early-return in GatewayRunner._is_user_authorized with an adapter-backed verification that calls the Discord adapter's _is_allowed_user(user_id) when available (gateway/run.py).
  • If the adapter's _is_allowed_user returns true, the gateway authorizes early; otherwise authorization falls through to pairing, platform-specific allowlists, and global checks instead of granting access.
  • Updated tests/gateway/test_discord_bot_auth_bypass.py to assert the new behavior, adding tests that require adapter verification, verify fail-closed when adapter verification is missing, and ensure DISCORD_ALLOWED_USERS still authorizes via the normal allowlist path.

Testing

  • Ran the focused pytest module with python -m pytest -o addopts='' tests/gateway/test_discord_bot_auth_bypass.py -q and all tests passed (10 passed).
  • Attempted scripts/run_tests.sh, but it could not be executed in this environment due to a missing project virtualenv (.venv / venv), so the CI-style wrapper was not run here.

@alt-glitch alt-glitch added type/security Security vulnerability or hardening P0 Critical — data loss, security, crash loop comp/gateway Gateway runner, session dispatch, delivery platform/discord Discord bot adapter area/auth Authentication, OAuth, credential pools labels Apr 23, 2026
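
A simplified model of the bypass and the fix described in the PR body, added here as an illustration; it is not the code from gateway/run.py. Only `_is_allowed_user`, `DISCORD_ALLOWED_ROLES` and `DISCORD_ALLOWED_USERS` come from the PR text; the stub adapter, the function names and the sample IDs are assumptions, and the pairing and global checks are omitted.

```python
# Added illustration: simplified model, not the project's gateway/run.py.
from dataclasses import dataclass


@dataclass
class StubDiscordAdapter:
    """Hypothetical stand-in for the Discord adapter's role lookup."""
    allowed_role_ids: set
    member_roles: dict  # user_id -> set of role ids (constructed sample data)

    def _is_allowed_user(self, user_id):
        return bool(self.member_roles.get(user_id, set()) & self.allowed_role_ids)


def _allowlist_check(platform, user_id, env):
    """Simplified remaining path: only the per-user allowlist is modelled."""
    raw = env.get("DISCORD_ALLOWED_USERS", "")
    allowed = {u.strip() for u in raw.split(",") if u.strip()}
    return platform == "discord" and user_id in allowed


def authorize_before(platform, user_id, env, adapter=None):
    """Pattern the PR describes as vulnerable: role allowlist set => allow."""
    if platform == "discord" and env.get("DISCORD_ALLOWED_ROLES"):
        return True  # trusts a pre-filter that slash interactions never pass through
    return _allowlist_check(platform, user_id, env)


def authorize_after(platform, user_id, env, adapter=None):
    """Pattern the PR describes as the fix: verify via the adapter, else fall through."""
    if platform == "discord" and env.get("DISCORD_ALLOWED_ROLES"):
        check = getattr(adapter, "_is_allowed_user", None)
        if callable(check) and check(user_id):
            return True
        # Missing adapter or failed role check grants nothing here.
    return _allowlist_check(platform, user_id, env)


# Constructed sample configuration and membership data.
SAMPLE_ENV = {"DISCORD_ALLOWED_ROLES": "111", "DISCORD_ALLOWED_USERS": "42"}
SAMPLE_ADAPTER = StubDiscordAdapter({"111"}, {"7": {"111"}, "8": {"222"}})

if __name__ == "__main__":
    for uid in ("7", "8", "42"):
        print(uid,
              authorize_before("discord", uid, SAMPLE_ENV, SAMPLE_ADAPTER),
              authorize_after("discord", uid, SAMPLE_ENV, SAMPLE_ADAPTER))
```
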