
fix: disable unauthenticated native discovery fallback #2

Open
mosure wants to merge 1 commit into main from codex/propose-fix-for-p2p-discovery-vulnerability

Conversation


@mosure mosure commented May 4, 2026

Contributor

Motivation

  • A new native libp2p KAD/rendezvous fallback accepted unauthenticated provider keys and namespaces, allowing an attacker to compute and register victim namespaces and poison discovery.
  • The server-side rendezvous handler only logged events and did not bind registrations to an authenticated identity, enabling spoofed capsules to appear verified to clients.

Description

  • Prevent unauthenticated provider advertisement by making provide_key return an error until discovery authorization is implemented.
  • Prevent unauthenticated provider lookup by making discover_providers return an error until discovery authorization is implemented.
  • Disable unauthenticated rendezvous registration by making register_rendezvous_namespace return an error until discovery authorization is implemented.
  • Update readiness output to set native_rendezvous_kad_provider_fallback to false and add the native_rendezvous_kad_provider_fallback_not_integrated known gap, and adjust unit tests to assert the secure-by-default behavior.

Testing

  • Running cargo test -p agent_feed_p2p -p agent_feed_edge --locked --lib with the local rustc failed due to a toolchain mismatch (project requires newer Rust).
  • Ran targeted tests using cargo +1.92.0 ... --ignore-rust-version and verified native_libp2p_kad_provider_fallback_is_disabled_until_authorized, native_libp2p_rendezvous_fallback_is_disabled_until_authorized, and native_libp2p_live_service_skips_configured_discovery_when_disabled all passed.
  • Verified edge readiness test readyz_reports_data_plane_gaps_and_durable_controls passed after updating the readiness payload and known gaps.
  • These automated tests demonstrate the unauthenticated discovery paths are disabled while preserving other p2p functionality under test.

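The secure-by-default gate the description above lays out, as an added Rust model that is not agent_feed_p2p's own code (every type name is assumed): registration and lookup fail closed with an error while no discovery authorization hook is integrated, readiness reports the fallback flag as false with the known gap named above, and, going one step past the PR, once a hook exists a registration is bound to the transport-authenticated identity rather than a peer-supplied claim.

```rust
use std::collections::HashMap;

// Constructed model, not agent_feed_p2p's own code; every type name here is assumed.
#[derive(Debug, PartialEq)]
pub enum DiscoveryError {
    AuthorizationNotIntegrated, // fail closed: no discovery authorization hook yet
    NotAuthorized,              // authenticated identity may not own this namespace
}

/// Peer identity as authenticated by the transport layer, not a self-reported claim.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PeerId(pub String);

/// Authorization hook: may `peer` own `namespace`? `None` until it is integrated.
pub type Authorizer = fn(&PeerId, &str) -> bool;

pub struct DiscoveryGate {
    authorizer: Option<Authorizer>,
    registrations: HashMap<String, PeerId>,
}

impl DiscoveryGate {
    pub fn new(authorizer: Option<Authorizer>) -> Self { Self { authorizer, registrations: HashMap::new() } }

    /// Binds `namespace` to the caller's authenticated identity and refuses
    /// outright while no authorizer exists, instead of logging and accepting.
    pub fn register_rendezvous_namespace(&mut self, authenticated: &PeerId, namespace: &str) -> Result<(), DiscoveryError> {
        let authz = self.authorizer.ok_or(DiscoveryError::AuthorizationNotIntegrated)?;
        if !authz(authenticated, namespace) {
            return Err(DiscoveryError::NotAuthorized);
        }
        self.registrations.insert(namespace.to_owned(), authenticated.clone());
        Ok(())
    }
    /// Lookup is gated the same way, so unauthenticated fallback data is never served.
    pub fn discover_providers(&self, namespace: &str) -> Result<Option<&PeerId>, DiscoveryError> {
        self.authorizer.ok_or(DiscoveryError::AuthorizationNotIntegrated)?;
        Ok(self.registrations.get(namespace))
    }
}

pub struct ReadinessReport {
    pub native_rendezvous_kad_provider_fallback: bool,
    pub known_gaps: Vec<&'static str>,
}

pub fn readiness(gate: &DiscoveryGate) -> ReadinessReport {
    let enabled = gate.authorizer.is_some();
    let known_gaps = if enabled { vec![] } else { vec!["native_rendezvous_kad_provider_fallback_not_integrated"] };
    ReadinessReport { native_rendezvous_kad_provider_fallback: enabled, known_gaps }
}
```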
