Python: Default Dapr module allowlist to semantic_kernel prefix

[moonbox3]

Motivation and Context

Follow-up to #13499. The previous PR added the allowed_module_prefixes parameter but defaulted it to None, which meant the module restriction was only active if developers discovered and configured it. Secure-by-default is the right posture here — restrict first, let developers widen as needed.

• Change allowed_module_prefixes default from None to ("semantic_kernel.",) across Dapr runtime step loading
• Non-SK step classes now require developers to explicitly add their module prefix (e.g. ("semantic_kernel.", "myapp.steps."))
• Developers can pass None to opt out entirely, but the secure default is now enforced
• The Dapr runtime code is experimental, so this is a non-breaking change per our stability guarantees

Contribution Checklist

• The code builds clean without any errors or warnings
• The PR follows the SK Contribution Guidelines and the pre-submission formatting script raises no violations
• All unit tests pass, and I have added new tests where possible
• I didn't break anyone 😄

[moonbox3]

Python Test Coverage Report •

File	Stmts	Miss	Cover	Missing
processes
step_utils.py	52	0	100%
processes/dapr_runtime
dapr_kernel_process_context.py	41	3	92%	42, 44, 47
dapr_process_info.py	33	4	87%	35, 40, 50, 57
dapr_step_info.py	26	1	96%	51
processes/dapr_runtime/actors
step_actor.py	265	61	76%	106, 109, 113–114, 126–128, 172–175, 193, 197, 201, 227, 235–236, 252–254, 257–262, 265–267, 274–275, 289, 293–295, 298–299, 316, 333–334, 339, 370–372, 392, 432, 444–452, 455, 458–462
TOTAL	28165	4829	82%

Python Unit Test Overview

Tests	Skipped	Failures	Errors	Time
3835	23 💤	0 ❌	0 🔥	1m 47s ⏱️