Implement v1 enforcement wiring

[CCimen]

Summary

• Add enforcement status visibility to scc config explain showing what's actively enforced vs advisory
• Implement JSON output support for scc config explain --json enabling CI/CD integration
• Add network policy enforcement with proxy environment variable injection
• Improve configuration inheritance with better MCP server merging logic
• Add advisory warnings for config drift detection (e.g., relaxed network policies in project config)

Changes

New Features

• Enforcement Status Table: Shows enforcement state for each config surface (Plugins, Marketplaces, MCP servers, network_policy, safety_net)
• JSON Output: scc config explain --json for machine-readable config inspection
• Network Policy Module: New core/network_policy.py for policy comparison and proxy env collection
• Advisory Warnings: Detects and warns about potential config drift issues

Improvements

• Enhanced compute_effective_config with better MCP server handling
• Updated examples with comprehensive configuration references
• Improved Docker sandbox runtime with policy-aware launching

Test Coverage

• Added tests for config explain functionality
• Added tests for config inheritance scenarios
• Extended Claude adapter and Docker core tests

Test plan

• Run scc config explain and verify enforcement status table appears
• Run scc config explain --json and verify valid JSON output
• Test with various org/team/project config combinations
• Verify advisory warnings appear for misconfigurations