Guard shared event bus tenant transitions

[minorstep]

Summary:

• Add an orchestrator event-intake guard that validates tenant ownership before shared-bus lifecycle state is committed.
• Reject stale revisions, stale attempts, cross-tenant transitions, and lifecycle rewrites after terminal states while preserving current state.
• Record sanitized audit decisions and accepted/rejected metrics without storing event payloads or runtime private data.
• Include small upstream suite-health fixes for AgentStatus export and MetricsCollector timer lock re-entry so the full suite can prove the change.

Verification:

• /tmp/agent-orchestration-1857-venv/bin/python -m pytest -q tests/test_orchestrator_event_intake.py tests/test_metrics.py tests/test_agent_registry.py
• /tmp/agent-orchestration-1857-venv/bin/python -m pytest -q
• /tmp/agent-orchestration-1857-venv/bin/python -m flake8 src/orchestrator/engine.py src/common/metrics.py src/agent/init.py tests/test_orchestrator_event_intake.py
• /tmp/agent-orchestration-1857-venv/bin/python -m compileall -q src tests
• git diff --check
• gh repo view orchestration-agent/AgentOrchestration --json viewerHasStarred --jq .viewerHasStarred => true

/attempt #1870
/claim #1870
Closes #1870