Clarify and align per-agent MCP override semantics (mcp.config vs mcp.authz)

[jhrozek]

While reviewing PR #57 (not merged at the time of writing), I noticed a pre-existing inconsistency in per-agent MCP override handling.

agents.<name>.mcp is currently typed as a full MCPConfig, so the config schema/loader accepts both:

• agents.<name>.mcp.config
• agents.<name>.mcp.authz

However, runtime behavior does not appear to treat those fields consistently:

• per-agent mcp.config is applied when resolving the effective MCP config
• per-agent mcp.authz appears to be parsed but ignored

Relevant code paths:

• pkg/domain/config/config.go
  • AgentOverride.MCP is *MCPConfig
• pkg/sandbox/sandbox.go
  • resolveMCPConfig copies enabled, group, port, and config, but not authz

Why this matters:

• The public config shape suggests per-agent mcp.authz is supported.
• In practice, it does not seem to affect runtime behavior.
• This creates schema/runtime drift and makes the config surface harder to reason about.
• The new config init PR makes this more visible because it introduces generated config documentation, but the underlying behavior looks older than that PR.

Expected outcome:

We should make schema, runtime behavior, and generated documentation agree.

Possible fixes:

1. Support per-agent mcp.authz fully

   • merge it in resolveMCPConfig
   • add tests covering the effective config behavior

2. Do not support per-agent mcp.authz

   • narrow AgentOverride.MCP to a dedicated override type
   • expose only intentionally supported fields
   • make docs/template reflect that narrower shape

3. In either case

   • ensure generated config docs match actual supported per-agent MCP fields
   • add tests for per-agent MCP override resolution

Notes:

Workspace-local .broodbox.yaml security stripping is a separate concern; this issue is about the global config schema/runtime mismatch for per-agent MCP overrides.