ConversationsRepo: add userId parameter to findById, update, remove, findMessages,
and addMessage so every query filters by conversations.userId in the WHERE clause.
This prevents cross-user data access even if the controller layer were bypassed.
AgentsRepo: add optional ownerId parameter to update (enforced for user-owned agents,
omitted for admin system-agent path) and required ownerId to remove so the DELETE
WHERE clause always scopes to the requesting user's agents.
Controller call sites updated to pass userId/ownerId to the repo methods. The
resource-ownership unit test updated to reflect that findById now returns undefined
(not a foreign-user object) when ownership is checked at the DB layer.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
