[Security] Allow organization to define "Org-level" security policy

[xingyaoww]

What problem or use case are you trying to solve?

We now have the support for LLM-based security analyzer, with prompt here openhands/agenthub/codeact_agent/prompts/security_risk_assessment.j2. We also support org-level microagent (https://docs.all-hands.dev/usage/prompting/microagents-org).

We should have the ability for user to configure a file in the .openhands org repo to override the default security_risk_assessment.j2 to customize different behaviors.

Describe the UX or technical implementation you have in mind

We need to think carefully about how the inheritance and override will work (e.g., if org and user level both exist) and how this will play with the existing microagents infra. Maybe we will want to combine this with the microagent infrastructure?

Additional context

If you find this feature request or enhancement useful, make sure to add a 👍 to the issue