Add tool injection attack module for MCP tool misuse testing

[bharqav]

Description

This pull request introduces a new, dedicated tool-augmented agent attack module to address vulnerabilities related to MCP tool injection and tool misuse. The new module includes 20 adversarial payloads categorized into four distinct attack vectors: parameter injection, selection manipulation, tool chain poisoning, and unauthorized tool invocation. The primary goal is to evaluate whether AI agents with tool access can be manipulated into executing unauthorized commands, selecting inappropriate endpoints, or trusting malicious output structures.

Several key architectural decisions were made during implementation:

• Category Alignment: All attacks are assigned to the AttackCategory.INSECURE_PLUGIN category to mirror existing model context protocol connectivity threats, while explicitly overriding the owasp_ref property to "OWASP-AGENT-004: Tool Misuse" for accurate Top 10 taxonomy.
• Registry Decoupling: We exported the ALL_TOOL_INJECTION_ATTACKS list directly from the attacks module to keep registration centralized in security.py.
• Severity Allocation: Based on risk severity, we assigned Severity.CRITICAL to parameter injection and unauthorized invocation (which lead to direct code execution/bypasses) and Severity.HIGH to selection manipulation and chain poisoning.
• Resilient Unit Tests: We structured unit tests to check count constraints, type safety, and metadata correctness rather than matching specific substrings to prevent tests from breaking during future payload text adjustments.

Fixes issue : #49

Type of change

✓ New attack vector (non-breaking change which adds functionality)
✓ This change requires a documentation update ( this introduces a completely new security module and four new attack types, it requires updating the security architecture documentation.)

How Has This Been Tested?

The implementation was verified against a local Python environment using three distinct steps:
✓ pytest tests/test_tool_injection.py
✓ mypy crucible/ tests/ --strict
✓ ruff check crucible/
286 tests passed

All checks passed successfully without warnings.

Checklist:

✓ My code follows the style guidelines of this project
✓ I have performed a self-review of my own code
✓ I have commented my code, particularly in hard-to-understand areas
✓ I have made corresponding changes to the documentation
✓ My changes generate no new warnings
✓ I have added tests that prove my fix is effective or that my feature works
✓ New and existing unit tests pass locally with my changes
✓ Any dependent changes have been merged and published in downstream modules