feat: add ReadOnlySessionManager wrapper for read-only sessions

[mohanasudhan]

Motivation

In multi-tenant systems, agents often need to load shared session context (conversation history, state) without persisting per-request interactions back to storage. Currently there's no way to use a session manager in a read-only capacity — all session managers write on every lifecycle event.

This PR introduces a ReadOnlySessionManager wrapper that delegates read operations (initialize, restore state) to any inner session manager while no-oping all write operations (append, sync, redact). Read-only enforcement lives entirely at the SessionManager level, meaning all write calls are blocked regardless of caller — Agent hooks, direct calls, or custom code.

Resolves: #2020

Public API Changes

New ReadOnlySessionManager class wraps any existing session manager:

# Before: no way to load a session without writing back
agent = Agent(
    session_manager=S3SessionManager(session_id="tenant-123", bucket="my-bucket")
)

# After: wrap any session manager to make it read-only
from strands.session import ReadOnlySessionManager, S3SessionManager

inner = S3SessionManager(session_id="tenant-123", bucket="my-bucket")
agent = Agent(session_manager=ReadOnlySessionManager(inner))

The wrapper is a SessionManager subclass, so it works anywhere a session manager is accepted. The inner session manager is accessible via _inner for inspection. No changes to SessionManager, Agent, or any concrete session manager implementation.

Use Cases

• Multi-tenant shared context: Load a baseline session (e.g., system prompts, shared conversation history) for each request without polluting the shared session with per-request messages
• Replay/debugging: Load a historical session to inspect or replay without risk of modifying the stored data
• A/B testing: Load the same session into multiple agents with different configurations, ensuring the source session remains unchanged