feat(sdk): out of box controls phase 2

[namrataghadi-galileo]

Summary

• Added the Phase 2 static out-of-box control catalog so new installs seed useful non-Luna controls at startup.
• Included regex PII/shell controls, JSON approval controls, and list-based RBAC/tool allowlist controls using the Phase 1 idempotent bootstrap path.

Scope

• User-facing/API changes: No API contract changes. Seeded controls will appear in the existing Controls tab/list after startup.
• Internal changes: Populated OUT_OF_BOX_CONTROL_TEMPLATES and expanded bootstrap/evaluator behavior tests.
• Out of scope: Phase 3 Luna scorer metadata lookup and org-scoped Luna control generation.

Risk and Rollout

• Risk level: low
• Rollback plan: Revert the Phase 2 catalog additions in server/src/agent_control_server/bootstrap/out_of_box_controls.py, or remove specific templates from OUT_OF_BOX_CONTROL_TEMPLATES.

Testing

• Added or updated automated tests
• Ran make check (not run because uv dependency resolution hit private index/auth issues previously)
• Manually verified behavior via targeted server tests, full server test suite, server lint, and server mypy using the existing .venv

Checklist

• Linked issue/spec (Phase 2 from OOTB controls technical spec)
• Updated docs/examples for user-facing changes: N/A, no API/docs contract changes
• Included any required follow-up tasks: Phase 3 Luna controls remain follow-up work

[codecov]

Codecov Report

❌ Patch coverage is 91.66667% with 11 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...nt_control_server/bootstrap/out_of_box_controls.py	93.33%	7 Missing ⚠️
...ver/src/agent_control_server/endpoints/controls.py	80.00%	4 Missing ⚠️

📢 Thoughts on this report? Let us know!