[Phase 1.3.2] Fix allow_from to default-deny on empty list

[richard-devbot]

Phase

Phase 1 — Critical Security | Track 1.3 — Authentication & Access | Priority: P1 HIGH

Vulnerability Details

Files: Gateway channel implementations (telegram.py, discord.py, slack.py)
CWE: CWE-284 — Improper Access Control

The `allow_from` config has ambiguous semantics. SECURITY.md says empty = deny all, but code may treat it as allow all depending on implementation.

Fix

• Explicit default-deny: empty `allow_from` = no one allowed
• Log WARNING when allow_from is empty (likely misconfiguration)
• Add `"allow_from": ["*"]` syntax for explicit allow-all
• Consistent behavior across all channel implementations

Acceptance Criteria

• Empty allow_from blocks all users with WARNING log
• Explicit `["*"]` required for allow-all
• Behavior consistent across Telegram, Discord, Slack, Twitch, MQTT
• Security tests for each channel type
• Documentation updated

References

• CWE-284
• Design Doc: docs/plans/2026-03-29-security-ai-guardrails-performance-design.md