feat(policy): MCP registry allow/deny lists in apm-policy.yml #375

@danielmeppiel

Context

Gap identified during PR #365 review. The mcp.allow/mcp.deny lists only match against server names, not registry sources.

Problem

A developer can point to an arbitrary registry URL:

```yaml
mcp:
  - name: my-server
    registry: "https://untrusted-registry.example.com"
```

This passes all MCP policy checks as long as the server name matches an allowed pattern. The MCPDependency.registry field is never inspected by any policy check.

Proposed Solution

Add registries section to McpPolicy schema:

```yaml
mcp:
  registries:
    allow:
      - "https://registry.mcphub.io"
      - "https://internal.corp.net/mcp"
    deny:
      - "https://*.untrusted.example.com"
  allow: ["*"]          # existing server-name allow list
  self_defined: deny    # existing self-defined control
```

The check inspects MCPDependency.registry for every MCP dep and validates it against the registry allow/deny list using the existing _check_allow_deny() glob engine from matcher.py.

Rationale

Enterprise supply-chain security requires orgs to ensure MCP servers are resolved only from vetted registries. This is especially relevant as MCP server registries proliferate.

Acceptance Criteria

  • mcp.registries.allow and mcp.registries.deny fields in schema
  • Check inspects MCPDependency.registry against registry policy
  • Uses existing _check_allow_deny() glob engine
  • Non-breaking: absent registries section means "allow all" (default)
  • Tests cover registry allow, deny, and mixed patterns
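What the proposed check and its acceptance criteria could look like end to end, as an added example that is not apm's own code and does not reproduce `matcher.py`: the `MCPDependency`, `RegistryPolicy` and `Violation` classes, the `policy_from_mapping` loader, the URL normalization, the `DEFAULT_REGISTRY` placeholder and the stand-in `_check_allow_deny()` are all assumptions of this example. It normalizes each registry URL (scheme and host lower-cased, default ports dropped, trailing slash removed) and glob-matches host and path separately, so a wildcard in a pattern's host part cannot reach into the path; deny wins over allow, an empty allow list admits everything, and an absent `registries` section disables the check entirely.

```python
"""Registry allow/deny check for MCP dependencies.

Hypothetical example: MCPDependency, RegistryPolicy, the matching rules and
DEFAULT_REGISTRY below are assumptions of this example, not apm's code.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed registry used when a dependency names none (placeholder value).
DEFAULT_REGISTRY = "https://registry.mcphub.io"


@dataclass
class MCPDependency:
    name: str
    registry: Optional[str] = None


@dataclass
class RegistryPolicy:
    allow: List[str] = field(default_factory=list)  # empty means "allow all"
    deny: List[str] = field(default_factory=list)


@dataclass(frozen=True)
class RegistryRef:
    scheme: str
    host: str  # lower-cased host, ":port" appended only when non-default
    path: str  # path without trailing slash ("" for the registry root)


@dataclass(frozen=True)
class Violation:
    dep: str
    registry: str
    reason: str


def parse_registry(url: str) -> RegistryRef:
    """Normalize a registry URL or glob pattern into comparable parts."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    try:
        port = parts.port
    except ValueError:  # e.g. a wildcard in the port position of a pattern
        port = None
        host = parts.netloc.rsplit("@", 1)[-1].lower()
    default_port = {"https": 443, "http": 80}.get(scheme)
    if port is not None and port != default_port:
        host = f"{host}:{port}"
    return RegistryRef(scheme, host, parts.path.rstrip("/"))


def registry_matches(ref: RegistryRef, pattern: RegistryRef) -> bool:
    """Glob-match host and path separately; a host-only pattern covers every path."""
    if pattern.scheme and pattern.scheme != ref.scheme:
        return False
    if not fnmatchcase(ref.host, pattern.host):
        return False
    if not pattern.path:
        return True
    return fnmatchcase(ref.path, pattern.path)


def _check_allow_deny(value: str, allow: Iterable[str], deny: Iterable[str]) -> Tuple[bool, str]:
    """Stand-in for matcher.py's engine: deny wins, empty allow admits all."""
    ref = parse_registry(value)
    for pat in deny:
        if registry_matches(ref, parse_registry(pat)):
            return False, f"registry matches deny pattern {pat!r}"
    allow = list(allow)
    if allow and not any(registry_matches(ref, parse_registry(pat)) for pat in allow):
        return False, "registry matches no allow pattern"
    return True, ""


def policy_from_mapping(mcp_section: dict) -> Optional[RegistryPolicy]:
    """Build the policy from the parsed `mcp:` mapping; None when `registries` is absent."""
    section = mcp_section.get("registries")
    if section is None:
        return None
    return RegistryPolicy(allow=list(section.get("allow") or []),
                          deny=list(section.get("deny") or []))


def check_mcp_registries(deps: Iterable[MCPDependency],
                         policy: Optional[RegistryPolicy]) -> List[Violation]:
    """Return one Violation per dependency whose registry the policy rejects."""
    if policy is None:  # no registries section: allow all, existing policies keep working
        return []
    violations = []
    for dep in deps:
        registry = dep.registry or DEFAULT_REGISTRY  # the implied default is checked too
        ok, reason = _check_allow_deny(registry, policy.allow, policy.deny)
        if not ok:
            violations.append(Violation(dep.name, registry, reason))
    return violations


# Constructed sample policy (mirrors the proposal above) and dependencies.
SAMPLE_POLICY = policy_from_mapping({
    "registries": {
        "allow": ["https://registry.mcphub.io", "https://internal.corp.net/mcp"],
        "deny": ["https://*.untrusted.example.com"],
    },
    "allow": ["*"],
    "self_defined": "deny",
})
SAMPLE_DEPS = [
    MCPDependency("my-server", "https://untrusted-registry.example.com"),
    MCPDependency("hub-server", "https://registry.mcphub.io/"),
    MCPDependency("corp-server", "HTTPS://Internal.Corp.Net:443/mcp/"),
    MCPDependency("mirror-server", "https://mirror.untrusted.example.com"),
    MCPDependency("default-server"),
]

if __name__ == "__main__":
    for v in check_mcp_registries(SAMPLE_DEPS, SAMPLE_POLICY):
        print(f"{v.dep}: {v.registry} -> {v.reason}")
```

Patterns are written as full URLs, exactly as in the proposed schema; a pattern with a path (`https://internal.corp.net/mcp`) admits only that path, while a host-only pattern admits the whole registry. Matching the parsed host rather than the raw string is the part worth keeping whatever engine is used: with plain `fnmatch` over the whole URL, `*` also matches `/`, so a wildcard intended for a subdomain can match far more than the host it names.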
