Add delete_proposal MCP tool for Researcher agent

## Code Review ### Spec Pattern Search (REQUIRED) - Searched for existing spec patterns: `find spec -name "*spec.rb" | sort` - Found existing spec files: - spec/requests/api/v1/mcp_spec.rb (existing, extended) - spec/requests/proposals_spec.rb (exists for proposal-related API endpoints) - Similar patterns found: Request specs follow established MCP tool testing patterns ### Test Results - Test suite run for PR files: `bundle exec rspec spec/requests/api/v1/mcp_spec.rb` - Results: **92 examples, 0 failures** ### Spec Coverage Check - Files changed: - app/controllers/api/v1/mcp_controller.rb (added delete_proposal handler) - config/tinker/mcp_permissions.yml (added delete_proposal to researcher permissions) - Required specs found: - spec/requests/api/v1/mcp_spec.rb - 8 comprehensive specs for delete_proposal: 1. Deletes own proposal with valid reason 2. Creates audit log when deleting proposal 3. Forbids deleting another agent's proposal 4. Forbids deleting executed proposals 5. Returns error for non-existent proposal 6. Requires proposal_id parameter 7. Requires reason parameter for audit trail 8. Other agent roles cannot access delete_proposal - Missing specs: **NONE** - All new code is covered ### Findings - **Code quality**: Well-structured with comprehensive validation and error handling - **Security**: - Only researchers can delete (permissions enforced via mcp_permissions.yml) - Can only delete own proposals (agent_id check) - Cannot delete executed proposals (status check) - All deletions require reason for audit trail - **Implementation**: - Clean handler with proper parameter validation - Audit logging via AgentLog for accountability - Descriptive error messages for validation failures - Returns success with proposal details on deletion - **Breaking changes**: None ### Decision **PASS** - All tests pass, comprehensive spec coverage with 8 tests covering success cases, validation, permissions, and error handling. The implementation properly restricts deletion to own proposals only, forbids executed proposals, and includes full audit logging.