#326 CRITICAL: Implement Database-Stored App Code - All Code Must Come From DB
Description
## Problem
The current app/marketplace architecture has a critical flaw: app code is loaded from disk via `importlib.import_module()`, which ignores the version metadata entirely. The `python_code` entrypoint type exists in the schema but its loader only raises `NotImplementedError`.
### Current Issues:
1. **No Version Isolation**: A tenant pinned to v1.0.0 runs whatever code is on disk
2. **Caching Problem**: `AppLoader._cache` caches classes in memory - no isolation
3. **python_code Not Implemented**: Despite schema support, database-stored code doesn't work
4. **Security Risk**: No code signing, validation, or sandboxing
5. **Hot Reload Broken**: Only affects API server, not workers
### Required Changes:
1. Add `source_code TEXT` column to `app_versions` table
2. Implement `python_code` entrypoint in `AppLoader._load_python_code()`
3. NO CACHING for database-stored code - fetch fresh each execution
4. Add code validation (syntax check, security scan)
5. Add code signing for integrity verification
6. Create `DatabaseCodeLoader` class for secure execution
### Acceptance Criteria:
- All app code stored in database, versioned per app_version
- Each execution fetches code fresh from database
- Version changes are instant (no cache invalidation needed)
- Code validation prevents malicious code uploads
- Migration path for existing python_module apps
### Security Considerations:
- Restricted `__builtins__` for sandboxing (defense in depth only: restricting builtins does not by itself isolate untrusted code in CPython, so the static scan and an OS-level sandbox still matter)
- No access to filesystem or network from app code
- Code signing with HMAC for integrity (the key must live outside the database; a signature that can be recomputed by anyone with a DB write proves nothing)
- Input validation and sanitization