docs: add secure tool execution how-to for delegated tool calls

[Christopher (PetrefiedThunder)]

Summary

Add a new LangChain Python docs page for secure tool execution patterns when tools can trigger side effects.

This PR adds:

• src/oss/langchain/secure-tool-execution.mdx
• src/docs.json navigation entry under Open source -> Python -> LangChain -> Core components

Why

Teams deploying tools in production often need explicit patterns for:

• authorize-before-execute
• budget-aware deny behavior
• fail-closed execution
• receipt-based auditability

Scope

• Docs-only change
• No runtime/package changes
• No generated reference docs touched

Related

Closes #2787
Migrated from: langchain-ai/langchain#35413

AI assistance disclosure

This PR text and draft content were prepared with AI assistance and reviewed by the author.

[github-actions]

❌ Import check failed

This PR contains imports from langchain_core that should be imported from langchain instead.

Detailed issues

Analyzing diff for import issues...
 Found 1 import issues:

File: src/oss/langchain/secure-tool-execution.mdx
Line: 43
Issue: Import from langchain.tools instead of langchain_core.tools
Current:   from langchain_core.tools import tool
Suggested: from langchain.tools import tool
--------------------------------------------------------------------------------

 Found 1 import issues that need to be fixed.

Why this is a problem

The langchain package re-exports many modules and classes from langchain_core. When possible, imports should use langchain instead of langchain_core for:

• Better user experience (single import source)
• Consistency across documentation
• Reduced cognitive load for users

How to fix

Replace the imports as suggested above. For example:

• ❌ from langchain_core.messages import HumanMessage
• ✅ from langchain.messages import HumanMessage

🤖 Automated check

This check is based on the latest analysis of langchain re-exports from langchain_core.

[Christopher (PetrefiedThunder)]

Updated per CI import feedback and marked this PR ready for review. All required checks are now passing on commit d823884.

[Christopher (PetrefiedThunder)]

Friendly follow-up on this docs addition. The PR is ready for review and all checks are passing on commit d823884. Please let me know if any changes are needed and I can update quickly. Thanks.