feat(cli): allow decnet ttp on agents (DEBT-047)

The TTP-tagging worker is now safe to run on agent hosts: EmailLifter
disk-reaches body-aware predicates from the local artifacts tree
(DEBT-035 unblocked filesystem access; DEBT-047 added the helper).

Drop `ttp` from MASTER_ONLY_COMMANDS in cli/gating.py and remove the
defence-in-depth `_require_master_mode("ttp")` call in cli/ttp.py.
`ttp-backfill` walks the master DB and stays master-only.
2026-05-02 20:07:03 -04:00
parent e972d870de
commit 79674026dd
3 changed files with 69 additions and 4 deletions


@@ -30,7 +30,10 @@ MASTER_ONLY_COMMANDS: frozenset[str] = frozenset({
"mutate", "listener", "profiler",
"services", "distros", "correlate", "archetypes", "web",
"db-reset", "init", "webhook", "clusterer", "campaign-clusterer",
"ttp", "ttp-backfill",
# `ttp` runs on agents — local SMTP decoys persist .eml files into the
# agent's artifacts tree and the EmailLifter disk-reaches them in-process
# (DEBT-047). `ttp-backfill` stays master-only: it walks the master DB.
"ttp-backfill",
})
MASTER_ONLY_GROUPS: frozenset[str] = frozenset(
{"swarm", "topology", "geoip", "realism"}
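Review bot: The new comment inside `MASTER_ONLY_COMMANDS` records why `ttp` left the set but not the trust consequence: the `.eml` files the worker now reads on the agent are written by SMTP decoys, so their content is presumably supplied by whoever talks to the decoy. I would add one line to the comment, e.g. `# .eml content is untrusted input; the lifter must parse it defensively.` The commit message says the `_require_master_mode("ttp")` call in cli/ttp.py is removed as well, so membership in this set appears to be what keeps `ttp-backfill` off agents. A test asserting `"ttp-backfill" in MASTER_ONLY_COMMANDS` and `"ttp" not in MASTER_ONLY_COMMANDS` would pin that, if the third changed file (not shown here) does not already cover it. The set literal opens above this hunk and `MASTER_ONLY_GROUPS` continues past it.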


@@ -55,12 +55,9 @@ def register(app: typer.Typer) -> None:
),
) -> None:
"""TTP-tagging worker — MITRE ATT&CK technique tagging."""
from decnet.cli.gating import _require_master_mode
from decnet.ttp.worker import run_ttp_worker_loop
from decnet.web.dependencies import repo
_require_master_mode("ttp")
if daemon:
log.info("ttp daemonizing poll=%s", poll_interval_secs)
_utils._daemonize()