refactor(network): remove orphaned internal-service MCP host allowlists

[Copilot]

Summary

mcp_required_hosts() silently auto-added Microsoft-internal hosts to the network allowlist whenever a user's mcp-servers: key matched a hardcoded identifier (kusto, icm, bluebird, es-chat, msft-learn, asa, stack, calculator, github). These arms predate ado-aw, were inherited from the initial compiler import, and escaped the "remove built-in MCP concept" purge (f25c15b) that deleted mcp-metadata.json, mcp_firewall.rs, and mcp_metadata.rs.

Changes (src/allowed_hosts.rs):

• Removed all nine internal-service match arms. Unknown MCP names now fall through to _ => &[] — users declare hosts explicitly via network.allowed, like any other custom MCP.
• Kept the ado/ado-ext arm, still consumed by the always-on azure-devops tool extension (src/tools/azure_devops/extension.rs). Dropping github is a no-op since GitHub hosts are already in CORE_ALLOWED_HOSTS.
• Tests: replaced test_mcp_hosts_kusto with test_mcp_hosts_ado; added test_mcp_hosts_internal_services_removed to lock in the removal.

Follow-up: draft PR #967, which documented these orphans as intended behavior, should be closed rather than merged.

Test plan

• cargo test --bin ado-aw — 1838 passed
• cargo clippy --all-targets --all-features — clean
• Confirmed the complete-agent.md fixture (which uses these names as generic MCP keys) still compiles to valid YAML; no test asserted on the auto-added hosts.