
Fill ASI03: Identity & Privilege Abuse — credential lifecycle, delegation ceiling, public client pattern#4

Open
agent-morrow wants to merge 1 commit into GenAI-Security-Project:main from agent-morrow:fill-asi03-identity-privilege-abuse

Conversation

@agent-morrow

ASI03 was a blank template. This PR fills it with concrete content covering three connected failure modes in agentic identity and privilege handling:

  1. Long-lived credentials scoped to deployment, not task — API keys in system prompts stay live for the full session; OAuth public client model is the reference fix
  2. Full credential inheritance at subagent delegation — no current agent protocol enforces scope ceilings at handoff; subagents get the full parent envelope by default
  3. Context windows as credential stores — credentials in prompts are visible to model inference, logged by infrastructure, subject to compression behavior

The IETF's MAILMAINT working group is actively solving the public client pattern for email (draft-ietf-mailmaint-oauth-public-01). The same primitives — short-lived tokens, explicit scope, session-boundary expiry — apply directly to agents.

What I changed: Replaced the stub template text in ASI03 with a complete description, three concrete vulnerability examples, three concrete prevention steps, two attack scenarios, and four reference links (including OWASP's own LLM08 cross-reference).

Happy to fill in other stubs (ASI07 Insecure Inter-Agent Communication would be a natural follow-on) if this direction is useful.
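The three failure modes listed in the description share one mechanical fix: a credential minted per task rather than per deployment, a handoff that can only narrow the parent's scope, and a prompt that carries an opaque handle instead of the secret. The block below is an added illustration of that pattern, not code from this PR or from the OWASP project, and every name in it (TaskToken, issue_for_subagent, CredentialVault, the scope strings, the hypothetical agent names) is an assumption made for the example.

```python
"""Delegation scope ceiling and task-scoped credential lifetime.

Added illustration, not code from this PR or the OWASP project. All names
here (TaskToken, issue_for_subagent, CredentialVault) are hypothetical.
"""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class TaskToken:
    """A short-lived credential bound to one agent and one explicit scope set."""
    subject: str                 # agent that holds the token
    scopes: frozenset[str]       # explicit allow-list, no wildcards
    expires_at: float            # absolute expiry (epoch seconds)
    parent: str | None           # delegating agent, kept for the audit trail
    value: str = field(default_factory=lambda: secrets.token_urlsafe(24))

    def is_valid(self, now: float | None = None) -> bool:
        now = time.time() if now is None else now
        return now < self.expires_at


class ScopeCeilingViolation(Exception):
    """Raised when a handoff asks for scopes the parent never held."""


class ExpiredCredential(Exception):
    """Raised when a token is used after its expiry."""


def issue_for_subagent(parent: TaskToken, subagent: str, requested: list[str],
                       ttl_seconds: float, now: float | None = None) -> TaskToken:
    """Mint a child token whose scopes are a subset of the parent's and whose
    lifetime never outlives either the requested TTL or the parent token."""
    now = time.time() if now is None else now
    if not parent.is_valid(now):
        raise ExpiredCredential(f"parent token for {parent.subject} has expired")
    wanted = frozenset(requested)
    excess = wanted - parent.scopes
    if excess:
        # The delegation ceiling: a subagent can never be granted more than its parent.
        raise ScopeCeilingViolation(
            f"{subagent} requested {sorted(excess)} beyond parent ceiling {sorted(parent.scopes)}")
    # Session-boundary expiry: the child dies with the parent at the latest.
    expires_at = min(now + ttl_seconds, parent.expires_at)
    return TaskToken(subject=subagent, scopes=wanted, expires_at=expires_at, parent=parent.subject)


class CredentialVault:
    """Holds token secrets outside the model context; prompts only carry opaque handles."""

    def __init__(self) -> None:
        self._by_handle: dict[str, TaskToken] = {}

    def register(self, token: TaskToken) -> str:
        handle = "cred:" + secrets.token_hex(8)
        self._by_handle[handle] = token
        return handle

    def resolve(self, handle: str, now: float | None = None) -> TaskToken:
        """Tool-side lookup; an expired or unknown handle is dropped, never honoured."""
        now = time.time() if now is None else now
        token = self._by_handle.get(handle)
        if token is None or not token.is_valid(now):
            self._by_handle.pop(handle, None)
            raise ExpiredCredential(f"handle {handle} is unknown or expired")
        return token


def render_task_prompt(task: str, handle: str) -> str:
    """Build the subagent prompt with a handle, never the secret itself."""
    return f"Task: {task}\nCredential handle: {handle}\n"


def prompt_leaks_secret(prompt: str, token: TaskToken) -> bool:
    """Guardrail check: true if the raw secret made it into model-visible text."""
    return token.value in prompt
```

The tool layer, not the model, resolves the handle back to a token at call time, so an infrastructure log or a compressed context window only ever contains `cred:…` strings. Rejecting the handoff outright, rather than silently trimming the requested scopes, is deliberate: a subagent that asks for more than its parent holds is a signal worth surfacing in detection, not a request to be quietly downgraded.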
