feat(delegation): add named subagent capability profiles

[malaiwah]

What does this PR do?

Adds named delegation capability profiles for delegate_task.

This lets subagents inherit a policy bundle instead of only a raw toolset list. A profile can define child-safe toolsets, memory access mode, memory-provider tool exposure, and terminal backend overrides.

It also hardens child tool scoping to work on resolved tools instead of exact toolset-name intersection, which fixes dynamic/alias-style toolsets like MCP servers and avoids leaking blocked tools through umbrella toolsets.

Related Issue

Fixes #4928

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• add built-in delegation profiles: restricted, friendly, privileged
• add delegation.default_profile and delegation.profiles config keys
• add delegate_task(profile=...) and per-task profile support in the schema
• scope child tools by resolved tools, not exact toolset-name intersection
• add child memory policy controls: none, read, write
• allow profile-driven terminal overrides, including backend selection
• reuse per-task terminal overrides in file sandbox creation too
• update docs and cli-config.yaml.example
• add focused tests for profile resolution, child agent construction, tool scoping, and backend override behavior

How to Test

1. Set delegation.default_profile: friendly in ~/.hermes/config.yaml.
2. Run a task that delegates and confirm the child gets terminal/file/web plus read-only memory context.
3. Run python -m pytest tests/tools/test_delegate.py tests/tools/test_delegate_toolset_scope.py tests/tools/test_parse_env_var.py -q.

Validation on this branch:

• targeted profile/delegation slice: 68 passed
• full suite: 7883 passed, 172 skipped, 1 xfailed, 7 failed
• the 7 failures were outside the touched files in this PR

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: macOS 15

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

[malaiwah]

Validation on this branch:

• targeted profile/delegation slice: 68 passed
• full suite: 7883 passed, 172 skipped, 1 xfailed, 7 failed
• the 7 failures were outside this PR's touched files

[malaiwah]

Added a small follow-up test commit on this branch.

New coverage:

• top-level and per-task profile propagation in delegate_task
• runtime gating for built-in memory writes when memory_write_enabled=false
• runtime gating for provider memory tools when provider_tool_access=false
• provider memory tool dispatch still works when access is enabled

Validation:

• python -m pytest tests/tools/test_delegate.py tests/tools/test_delegate_toolset_scope.py tests/tools/test_parse_env_var.py tests/test_run_agent.py -q
• 294 passed