fix: restrict access to scoped capsules (#22113)

[AztecBot]

Summary

Backport of #22113 to v4-next.

Introduces a CapsuleService wrapper that enforces scope-based access control on capsule operations invoked through oracles, ensuring they are within the scopes authorized for the current execution context.

Cherry-pick conflicts

Conflicts were in docs files only:

• docs/docs-developers/docs/resources/migration_notes.md — positional conflict in TBD section (incoming content for capsule scope enforcement note + ## 4.2.0-aztecnr-rc.2 header)
• docs/netlify.toml — missing /errors/9 and /errors/10 redirect entries

Both resolved by accepting the incoming content. All TypeScript changes applied cleanly.

Test plan

• CI passes on backport branch
• Capsule scope enforcement works as described in migration notes

[AztecBot]

Flakey Tests

🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry.

\033FLAKED\033 (8;;http://ci.aztec-labs.com/d803f7f2dea4785f�d803f7f2dea4785f8;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_epochs/epochs_l1_reorgs.parallel.test.ts "updates L1 to L2 messages changed due to an L1 reorg" (66s) (code: 0) group:e2e-p2p-epoch-flakes