praisonai-platform: Agent CRUD endpoints lack workspace scoping (Red)
Agent CRUD endpoints (GET/PATCH/DELETE /workspaces/{workspace_id}/agents/{agent_id}) do not enforce workspace scoping on agent lookup.
What changed
Agent CRUD endpoints (GET/PATCH/DELETE /workspaces/{workspace_id}/agents/{agent_id}) do not enforce workspace scoping on agent lookup. The route handler checks that the caller is a member of {workspace_id}, but AgentService.get/update/delete then look the agent up by agent_id alone and never compare the agent's own workspace with the one in the URL. The membership check therefore proves only that the caller belongs to the workspace named in the path, not that the agent does, so a member of any workspace can read, modify, or delete agents belonging to other workspaces by supplying their agent_id under a workspace the caller is a member of.
Who it affects
All deployments of praisonai-platform with more than one workspace. Any authenticated user who is a member of at least one workspace can exploit this to read, modify, or delete agents in other workspaces if they know or can guess the agent UUID. Do not count on UUID unpredictability as a mitigation: agent ids are identifiers, not secrets, and routinely appear in URLs, logs, browser history, and API responses.
What to do today
Apply the suggested fix: modify AgentService.get/update/delete to accept workspace_id and use it as an additional filter on the lookup (WHERE id = agent_id AND workspace_id = workspace_id), and update the route handlers to pass the workspace_id from the path into these methods. When the agent exists but belongs to a different workspace, respond exactly as for a missing agent (404) rather than 403, so the endpoint does not confirm that the id exists. Verify the fix with a regression test: a member of workspace A requesting /workspaces/A/agents/{id of an agent in B} must receive 404 for GET, PATCH, and DELETE, the agent in B must be unchanged afterwards, and a direct request to /workspaces/B/agents/{id} from that same user must still be refused by the membership check. Also review and fix the same pattern in IssueService, ProjectService, CommentService, and LabelService, which take the same per-workspace route shape.
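The following is an added example, not praisonai-platform's code, illustrating both the flaw described under "What changed" and the fix described under "What to do today". It puts the unscoped lookup beside the workspace-scoped one on a throwaway in-memory SQLite schema. The table, class, and function names (memberships, agents, UnscopedAgentService, ScopedAgentService, handle) are assumptions made for this illustration and do not correspond to the project's real schema or service layer.

```python
"""Added example (not praisonai-platform's code): unscoped vs. workspace-scoped
agent lookup. Schema and names are assumptions constructed for this demo."""
import sqlite3
import uuid


class AgentNotFound(Exception):
    pass


class NotAMember(Exception):
    pass


def make_db():
    """Constructed stand-in schema: who belongs to which workspace, which agent lives where."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE memberships (workspace_id TEXT, user_id TEXT)")
    conn.execute("CREATE TABLE agents (id TEXT PRIMARY KEY, workspace_id TEXT, name TEXT)")
    return conn


def require_member(conn, workspace_id, user_id):
    """The check the route already performs: is the caller a member of the workspace in the URL?"""
    row = conn.execute("SELECT 1 FROM memberships WHERE workspace_id = ? AND user_id = ?",
                       (workspace_id, user_id)).fetchone()
    if row is None:
        raise NotAMember(workspace_id)


class UnscopedAgentService:
    """Vulnerable pattern: keyed on agent_id alone, so the agent's real workspace is never
    compared with the workspace the caller was authorized for."""

    def __init__(self, conn):
        self.conn = conn

    def get(self, agent_id):
        row = self.conn.execute("SELECT id, workspace_id, name FROM agents WHERE id = ?",
                                (agent_id,)).fetchone()
        if row is None:
            raise AgentNotFound(agent_id)
        return {"id": row[0], "workspace_id": row[1], "name": row[2]}

    def delete(self, agent_id):
        if self.conn.execute("DELETE FROM agents WHERE id = ?", (agent_id,)).rowcount == 0:
            raise AgentNotFound(agent_id)


class ScopedAgentService:
    """Fixed pattern: every read and write is keyed on (workspace_id, agent_id). An agent in
    another workspace is indistinguishable from a missing one, so no existence oracle."""

    def __init__(self, conn):
        self.conn = conn

    def get(self, workspace_id, agent_id):
        row = self.conn.execute(
            "SELECT id, workspace_id, name FROM agents WHERE id = ? AND workspace_id = ?",
            (agent_id, workspace_id)).fetchone()
        if row is None:
            raise AgentNotFound(agent_id)
        return {"id": row[0], "workspace_id": row[1], "name": row[2]}

    def update(self, workspace_id, agent_id, name):
        cur = self.conn.execute("UPDATE agents SET name = ? WHERE id = ? AND workspace_id = ?",
                                (name, agent_id, workspace_id))
        if cur.rowcount == 0:
            raise AgentNotFound(agent_id)

    def delete(self, workspace_id, agent_id):
        cur = self.conn.execute("DELETE FROM agents WHERE id = ? AND workspace_id = ?",
                                (agent_id, workspace_id))
        if cur.rowcount == 0:
            raise AgentNotFound(agent_id)


def handle(conn, user_id, workspace_id, service_call):
    """Stand-in for the /workspaces/{workspace_id}/agents/{agent_id} handlers: membership
    check first, then the service call. Returns an HTTP-style status code."""
    try:
        require_member(conn, workspace_id, user_id)
    except NotAMember:
        return 403
    try:
        service_call()
    except AgentNotFound:
        return 404
    return 200


def cross_workspace_demo():
    """alice is a member of ws-a only; bob owns an agent in ws-b. alice asks for bob's agent
    through her own workspace URL, which passes the membership check in both variants."""
    conn = make_db()
    agent_b = str(uuid.uuid4())
    conn.execute("INSERT INTO memberships VALUES (?, ?)", ("ws-a", "alice"))
    conn.execute("INSERT INTO memberships VALUES (?, ?)", ("ws-b", "bob"))
    conn.execute("INSERT INTO agents VALUES (?, ?, ?)", (agent_b, "ws-b", "bob's agent"))
    unscoped, scoped = UnscopedAgentService(conn), ScopedAgentService(conn)

    def agent_exists():
        return conn.execute("SELECT COUNT(*) FROM agents WHERE id = ?", (agent_b,)).fetchone()[0] == 1

    r = {}
    r["alice_direct_ws_b"] = handle(conn, "alice", "ws-b", lambda: scoped.get("ws-b", agent_b))
    r["unscoped_get"] = handle(conn, "alice", "ws-a", lambda: unscoped.get(agent_b))
    r["scoped_get"] = handle(conn, "alice", "ws-a", lambda: scoped.get("ws-a", agent_b))
    r["scoped_update"] = handle(conn, "alice", "ws-a", lambda: scoped.update("ws-a", agent_b, "hijacked"))
    r["scoped_delete"] = handle(conn, "alice", "ws-a", lambda: scoped.delete("ws-a", agent_b))
    r["survives_scoped"] = agent_exists()
    r["bob_scoped_get"] = handle(conn, "bob", "ws-b", lambda: scoped.get("ws-b", agent_b))
    r["unscoped_delete"] = handle(conn, "alice", "ws-a", lambda: unscoped.delete(agent_b))
    r["survives_unscoped"] = agent_exists()
    return r
```

Running cross_workspace_demo() shows the shape of the bug: the direct request to ws-b is refused (403) by the existing membership check, but the same user gets 200 from the unscoped GET and a successful unscoped DELETE through ws-a, while the scoped service returns 404 for GET, PATCH-style update, and DELETE and leaves bob's agent intact, and bob's own access still works. Those are exactly the assertions the regression test above should make.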