
Replace ScopedStateStore __getattr__ with explicit allow-list #18

Merged
sebastientaggart merged 1 commit into main from feature/scoped-state-store-allowlist
Apr 8, 2026

Conversation

@sebastientaggart
Member

Removes the __getattr__ catch-all on ScopedStateStore that delegated unknown attribute access to the underlying StateStore. The wrapper now exposes only an explicit allow-list of proxied methods (list_state, entry_count, get_state, is_writable, set_state, clear_state), so any future write-capable method added to StateStore (e.g. bulk_set, purge) is invisible to plugins until explicitly proxied with the correct capability check.

Audit of the current StateStore surface confirmed nothing was leaking today — all public methods were already explicitly proxied, and the prior name.startswith("_") guard blocked private attributes. This change closes the latent defense-in-depth gap flagged on PR #13.

Added a regression test that injects a hypothetical bulk_set onto the underlying store and asserts it is not reachable through the scoped wrapper.

Closes #14

@sebastientaggart
Member Author

Review Summary

Verdict: APPROVE

Findings

  • [NOTE] The new test mutates plugin_registry.state by attaching a bulk_set attribute; if the plugin_registry fixture is shared across tests this could leak state, so consider scoping the fixture to function level if not already.

@sebastientaggart sebastientaggart merged commit 5876ed1 into main Apr 8, 2026
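
The gap described in the PR description, as an added example that is not part of this pull request or the project's code: a wrapper with a `__getattr__` fallback exposes a write method added to the store later, while an allow-list wrapper does not. The class bodies are constructed stand-ins; only the method names `get_state`, `set_state` and `bulk_set` come from the description, and `reaches_unchecked_write` and `unproxied_methods` are hypothetical helpers.

```python
class StateStore:
    """Constructed stand-in for the underlying store (not the project's code)."""
    def __init__(self):
        self._data = {}
    def get_state(self, scope, key):
        return self._data.get((scope, key))
    def set_state(self, scope, key, value):
        self._data[(scope, key)] = value
    def bulk_set(self, items):
        # Hypothetical method added later: no scope argument, no capability check.
        self._data.update(items)

class AllowListScopedStore:
    """Only the methods written out here are reachable through the wrapper."""
    def __init__(self, store, scope, writable):
        self._store, self._scope, self._writable = store, scope, writable
    def get_state(self, key):
        return self._store.get_state(self._scope, key)
    def set_state(self, key, value):
        if not self._writable:
            raise PermissionError("scope is read-only")
        self._store.set_state(self._scope, key, value)

class CatchAllScopedStore(AllowListScopedStore):
    """Same proxies plus a delegating fallback of the kind the PR removes."""
    def __getattr__(self, name):
        # Runs only when normal lookup fails; the guard stops private names,
        # not new public methods on the underlying store.
        if name.startswith("_"):
            raise AttributeError(name)
        return getattr(self._store, name)

def reaches_unchecked_write(wrapper_cls):
    """True if a read-only wrapper for plugin_a can write plugin_b's state."""
    store = StateStore()
    scoped = wrapper_cls(store, scope="plugin_a", writable=False)
    bulk = getattr(scoped, "bulk_set", None)
    if bulk is None:
        return False
    bulk({("plugin_b", "token"): "overwritten"})
    return store.get_state("plugin_b", "token") == "overwritten"

def unproxied_methods(store_cls, wrapper_cls):
    """Public store methods with no explicit proxy: a review list for new additions."""
    public = {n for n in vars(store_cls) if not n.startswith("_")}
    return public - set(vars(wrapper_cls))
```

Running `unproxied_methods` in a test gives a list of store methods that still need a deliberate decision about proxying and capability checks.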

Development

Successfully merging this pull request may close these issues.

Investigate: ScopedStateStore.__getattr__ catch-all may leak future StateStore write methods

1 participant