Respect has_module_permission() to hide models from discovery

## Description

Django admin's `has_module_permission()` method controls whether a user can see models in the admin index. This is currently not checked by the MCP, allowing users to discover and potentially access models they shouldn't see.

## Current Behavior

The `find_models` tool returns all models with `MCPAdminMixin` regardless of the user's module-level permissions.

## Expected Behavior

The `find_models` tool should:
1. Check `has_module_permission()` for each model's app
2. Only return models where the user has module permission
3. Hide models entirely from discovery if permission is denied

## Django Admin Reference

```python
class SecretModelAdmin(MCPAdminMixin, admin.ModelAdmin):
    def has_module_permission(self, request):
        # Only superusers can see this in admin index
        return request.user.is_superuser
```

## Security Implications

Without this check, users can:
- Discover model names they shouldn't know about
- Potentially probe for additional access

## Implementation Notes

- Add `has_module_permission()` check in `find_models` handler
- Consider caching permission results for performance
- Ensure consistent behavior with individual tool permissions

## Labels
enhancement, security

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Respect has_module_permission() to hide models from discovery #64

Description

Current Behavior

Expected Behavior

Django Admin Reference

Security Implications

Implementation Notes

Labels

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Respect has_module_permission() to hide models from discovery #64

Description

Description

Current Behavior

Expected Behavior

Django Admin Reference

Security Implications

Implementation Notes

Labels

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions