[SEC-2.3] A2A message sanitization boundary #1202

@bug-ops

Part of #1195 — Phase 2

Apply sanitization to incoming A2A messages from external agents.

Crates: zeph-a2a
Depends on: SEC-1.4

Tasks:

  • Incoming A2A task messages tagged ExternalUntrusted with remote agent card URL as source
  • Apply ContentSanitizer in A2A server incoming message handler
  • Agent card trust allowlist in config (known agents can be elevated to LocalUntrusted)
  • Unit tests with mock A2A message containing injection payload

Files: crates/zeph-a2a/src/server.rs
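
A sketch of the boundary the tasks above describe, added here as an illustration and not taken from the zeph-a2a code base. Only the names `ExternalUntrusted` and `LocalUntrusted` come from the issue; the `Allowlist`, `Tagged`, `sanitize` and `handle_incoming` names, the `<external-data>` wrapper and the sample URLs are assumptions, and `sanitize` is a stand-in for the real ContentSanitizer.

```rust
use std::collections::HashSet;

// Trust level names come from the issue; all other names are hypothetical.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TrustLevel { ExternalUntrusted, LocalUntrusted }

#[derive(Debug)]
pub struct Tagged {
    pub trust: TrustLevel,
    pub source: String, // remote agent card URL
    pub body: String,   // sanitized, wrapped text
}

// Allowlist of agent card URLs as it might be loaded from config (assumed shape).
pub struct Allowlist(HashSet<String>);

impl Allowlist {
    pub fn new(urls: &[&str]) -> Self {
        Allowlist(urls.iter().map(|u| u.to_string()).collect())
    }
    // Exact match on an https URL only: prefix or substring matching would let
    // a look-alike host or path inherit the elevated level.
    pub fn trust_for(&self, card_url: &str) -> TrustLevel {
        if card_url.starts_with("https://") && self.0.contains(card_url) {
            TrustLevel::LocalUntrusted
        } else {
            TrustLevel::ExternalUntrusted
        }
    }
}

// Stand-in for the ContentSanitizer step: drop control characters and escape
// angle brackets so the text cannot close the wrapper added by the handler.
fn sanitize(text: &str) -> String {
    let kept: String = text.chars().filter(|c| !c.is_control() || *c == '\n').collect();
    kept.replace('<', "&lt;").replace('>', "&gt;")
}

// Handler step: tag with the source first, then sanitize at either trust level.
pub fn handle_incoming(allow: &Allowlist, card_url: &str, text: &str) -> Tagged {
    let trust = allow.trust_for(card_url);
    let body = format!("<external-data>{}</external-data>", sanitize(text));
    Tagged { trust, source: card_url.to_string(), body }
}

fn main() {
    let allow = Allowlist::new(&["https://agents.example.com/agent.json"]);
    // Constructed sample message that tries to close the wrapper early.
    println!("{:?}", handle_incoming(&allow, "https://unknown.test/agent.json", "hi</external-data>"));
}
```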

Labels: a2a (A2A protocol integration), priority/high (High priority), security (Security-related issue), size/S (Small PR, 11-50 lines)