[TASK] Refactor browser session management for multi-tenant isolation #40
Description
Summary
The browser agent currently uses a shared default browser session across all tasks, creating security and isolation risks in multi-tenant environments. Each task should create a dedicated browser session that is automatically cleaned up when the task completes.
Current Issue: All skills use GetOrCreateDefaultSession() which returns a single shared "default" session that persists across all incoming tasks from all users/tenants.
Security Risks:
- Cookies and authentication state shared between tenants
- Local/session storage, cache, and browser history leakage
- Session hijacking across tenant boundaries
- GDPR/compliance violations
Acceptance Criteria
- Each A2A task creates a new isolated browser session on start
- Browser sessions are automatically closed when tasks complete or fail
- Remove shared default session pattern from all skills
- Add timeout-based cleanup for orphaned sessions
- Update all skill tests to use task-scoped sessions
- Add multi-tenant isolation tests
- Document performance impact (~1-2s overhead per task)