feat: restrict which skill sources Codex can load

[viyatb-oai]

Why

Once managed requirements can describe approved skill sources, that policy needs to affect the actual skill roots Codex loads. Otherwise an enterprise admin can author a requirement that looks restrictive but still leaves user or repo-local skills effective at runtime.

What changed

• Map each skill root to its managed source category: user, repo, system, admin, or plugin.
• Filter discovered roots against skills.allowed_sources before they become effective.
• Include managed source restrictions in the cwd cache key so a previously unrestricted load cannot be reused after policy tightens.

Example config.toml

With the managed requirements stack applied, an approved marketplace can still appear in user config.toml like this:

[features]
plugins = true

[marketplaces.approved-marketplace]
source_type = "git"
source = "https://github.com/example/approved-marketplace.git"

There is intentionally no user-writable allowed_sources key in config.toml; skill-source restrictions are enforced only from managed requirements.

Verification

• Added regression coverage for managed source filtering in codex-rs/core-skills/src/manager_tests.rs.
• Added regression coverage for cache separation when managed allowed_sources changes.

Stack

• feat: prepare managed controls for skills and marketplaces #21462: internal managed artifact requirement plumbing
  --> feat: restrict which skill sources Codex can load #21457: managed skill enforcement
• feat: restrict which plugin marketplaces Codex can use #21458: core plugin allowlist enforcement
• feat: enforce marketplace restrictions at plugin entry points #21459: plugin entrypoint enforcement
• feat: let admins configure managed skill and marketplace controls #21413: managed artifact requirements activation