[SECURITY] Optional consent gate for mcts inventory auto-discovery

[hello-args]

Summary

Add an optional explicit consent gate for mcts inventory auto-discovery, mirroring live/fuzz (probe/consent.py).

Problem

Issue #87 is satisfied by SECURITY.md documentation (not a consent flag) plus --paths-only, --config-path, and --redact-paths (PR #279). Default mcts inventory still auto-discovers and parses home-directory configs without an interactive or env-var opt-in.

This issue tracks optional hardening for enterprises that want live/fuzz-style opt-in beyond #87.

Expected Behavior

• --i-understand-inventory-risk flag on mcts inventory
• CI bypass via MCTS_INVENTORY_OK=1 (consistent with MCTS_LIVE_OK)
• Gate applies when auto-discovery runs (default, --scan, --scan-all, analyzers)
• Exempt: --paths-only, --config-path (explicit user scope)
• Exit code 2 without consent; document in SECURITY.md, docs/platform/cli.md, docs/scanning/inventory.md

Evidence

• src/mcts/probe/consent.py — live/fuzz consent pattern
• src/mcts/cli/main.py — inventory command has no consent check

Impact

Enterprise users may want opt-in before any config parse. Breaking change if made default without migration period.

Recommendation

Implement src/mcts/inventory/consent.py parallel to probe/consent.py. Defer until after #87 / PR #279 merges.

References

• [SECURITY] mcts inventory reads local MCP configs without consent gate #87 (documentation path chosen for AC chore(deps): Bump actions/upload-artifact from 4 to 7 #1)
• PR feat(inventory): add privacy controls for config discovery (#87) #279
• Validation: local/issue-87-pr-279-validation.md

Acceptance Criteria

• Consent module + CLI flag + env bypass
• Clear exit 2 message
• Documented exemptions for --paths-only and --config-path
• Tests for granted/denied paths