Allow Guest+ to execute custom agents in foreground (Agentic Chat)
Summary
As part of the DAP permissions epic "[Backend] Role-based permissions controls for DAP" (&19743), we need to loosen the permissions for custom agents executing in the foreground (Agentic Chat) from Developer+ to Guest+.
Background
Currently, custom agents accessible in Agentic Chat require Developer+ permissions. However, there is no technical reason preventing Guest+ access for foreground execution of custom agents.
By allowing Guest+ to execute custom agents in the foreground, we can create a unified "Execute foreground" permission that covers:
- Agentic Chat
- Foundational agents (foreground)
- Custom agents (foreground)
- Foreground flows: Software Development Flow in the IDE.
Implementation
Update the relevant policy files to allow Guest+ access for custom agent execution in the foreground (Agentic Chat context).
Constraints
Background execution (requiring CI Pipeline) will continue to require Developer+ permissions.
Related
- Spike issue: #582055 (closed)
- Related MR: (will be linked once foreground flows MR is created)
Edited by Lukas Wanko