feat(security): grow Yerin's toolset (pending_review, resource_exposure, token_audit)

Three more read-only tools on securityRegistry:
- pending_review: agent-proposed changes awaiting approval (injection surface)
- resource_exposure: host/url/status attack-surface inventory (resources.listExposure,
  scalar cols only — no monitoring/metadata/credentials)
- token_audit: token label/last_used/revoked, never the hash

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

lib/ai/agent/tools/security/resource_exposure.js

@@ -0,0 +1,14 @@
+import * as resources from '../../../../db/repos/resources.js';
+
+// Attack-surface inventory: every resource's host/url/status across all spaces.
+// Backed by resources.listExposure (scalar columns only — no monitoring/metadata
+// JSON, no credentials).
+export const resourceExposureTool = {
+  name: 'resource_exposure',
+  description: 'Inventory of all resources (services/hosts) with their host, url and status — the reachable attack surface. Use to spot exposed or unexpected services. Never includes secrets or monitoring config.',
+  input_schema: { type: 'object', properties: {} },
+  async handler(_args, _ctx) {
+    const resourceList = await resources.listExposure();
+    return { resources: resourceList };
+  }
+};