feat(shared-kernel): add application-level authorization hook

[florishafkenscheid]

Description of change

Added a shared-kernel authorization hook around application command and query execution.

This introduces neutral authorization primitives (Actor, AuthorizationRequest, AuthorizationOperation, and AuthorizationChecker) plus a default allow-all checker for existing open-source behavior. ServiceHandle can now dispatch commands and queries with optional actor context, and ApplicationService authorizes each command/query before calling the bounded context.

The goal is to make authorization enforceable below inbound adapters such as HTTP, GraphQL, gRPC, or queues, rather than tying access checks to a specific API transport.

Links to any relevant issues

N/A

How the change has been tested

Verified locally with:

cargo fmt --check
cargo test -p shared-kernel
cargo clippy -p shared-kernel -- -D warnings
cargo check --workspace
git diff --check

The shared-kernel tests cover default allow-all behavior, actor context propagation, authorization request construction, denied command/query execution, error mapping, dropped reply channels, and service shutdown.

Definition of Done checklist

• I have followed the contribution guidelines for this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• I have successfully tested this change in a docker environment

[codecov-commenter]

Codecov Report

❌ Patch coverage is 97.98719% with 22 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
agent_identity/src/state.rs	79.12%	19 Missing ⚠️
...ent_api_http/src/v0/holder/holder/offers/accept.rs	95.91%	2 Missing ⚠️
agent_issuance/src/state.rs	90.00%	1 Missing ⚠️

Files with missing lines	Coverage Δ
agent_api_http/src/error.rs	95.40% <100.00%> (+15.77%)	⬆️
agent_api_http/src/handlers.rs	100.00% <100.00%> (ø)
agent_api_http/src/lib.rs	0.00% <ø> (ø)
...t_api_http/src/v0/holder/holder/credentials/mod.rs	63.63% <100.00%> (+63.63%)	⬆️
...ent_api_http/src/v0/holder/holder/offers/reject.rs	100.00% <100.00%> (+100.00%)	⬆️
...api_http/src/v0/holder/holder/presentations/mod.rs	72.13% <100.00%> (+72.13%)	⬆️
agent_api_http/src/v0/holder/openid4vci/mod.rs	88.09% <100.00%> (+88.09%)	⬆️
agent_api_http/src/v0/identity/connections/mod.rs	69.78% <100.00%> (+40.45%)	⬆️
agent_api_http/src/v0/identity/profiles/mod.rs	62.71% <100.00%> (+62.71%)	⬆️
...ent_api_http/src/v0/identity/services/linked_vp.rs	98.33% <100.00%> (+98.33%)	⬆️
... and 32 more

... and 28 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.