v1.6.0 — auth-native routing
Route a task to a worker by capability, where capability is the auth scope set. Router.register(worker, scopes) / route(required) returns a capable worker (round-robin), or None if none is — the same scopes that gate tool calls decide who is capable, so work can't be routed to an unauthorized agent. The differentiator the harness-comparison research called out. Additive; 292 tests, mypy --strict, ruff, catalog freshness all green.