LLM06: clarify delegated authorization context

[xmuruaga]

Summary

Clarifies delegated and multi-agent authorization context in LLM06.

This PR makes three small changes:

1. Adds a Common Example of Risk for excessive permissions in delegated or multi-agent workflows.
2. Adds one sentence to Mitigation 5 explaining that delegated or multi-agent workflows should preserve the original user context and authorization scope across chained extension or agent calls.
3. Adds a short attack scenario showing how a trusted internal agent or extension can become a confused deputy when a downstream action is authorized only from the immediate caller or service identity.

Why

The current entry already covers excessive permissions, user-context execution, and complete mediation. This change clarifies how those principles apply to chained workflows, where each individual step may look legitimate but the overall chain can exceed the original user's authority.

Review checklist

• Common Example added under Excessive Permissions.
• Mitigation 5 updated with delegated / multi-agent authorization context.
• Scenario 2 added under Example Attack Scenarios.
• Heading levels and section structure unchanged.
• No new references or framework mappings added.