fix(backend): Deny public direct access to marketplace-listed graphs

[Pwuts]

Warning

• Blocked by Let agent creator specify whether graph should be open-source #9549

In the future, agent creators will be able to specify whether the the graph of their marketplace-listed agent should be publicly accessible (open-source).
Pending this functionality, we want to prevent users from directly accessing graphs that don't belong to them, even if they have a corresponding marketplace listing.

This only prohibits direct read access, not usage of the graph such as running it.

Changes 🏗️

• Make access control to marketplace-listed graphs "default deny" in backend.data.graph.get_graph(..)
  • Add ignore_ownership_if_listed_in_marketplace=True to get_graph calls where necessary

Checklist 📋

For code changes:

• I have clearly listed my changes in the PR description
• I have made a test plan
• I have tested my changes according to the test plan:
  • ...

Example test plan

• Create from scratch and execute an agent with at least 3 blocks
• Import an agent from file upload, and confirm it executes correctly
• Upload agent to marketplace
• Import an agent from marketplace and confirm it executes correctly
• Edit an agent from monitor, and confirm it executes correctly

[netlify]

✅ Deploy Preview for auto-gpt-docs-dev canceled.

Name	Link
🔨 Latest commit	874280b
🔍 Latest deploy log	https://app.netlify.com/sites/auto-gpt-docs-dev/deploys/67c1c89035bfe80008eeffdd

[deepsource-io]

Here's the code health analysis summary for commits 52ee7d1..874280b. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Python	✅ Success	❗ 44 occurences introduced 🎯 37 occurences resolved	View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[netlify]

✅ Deploy Preview for auto-gpt-docs canceled.

Name	Link
🔨 Latest commit	874280b
🔍 Latest deploy log	https://app.netlify.com/sites/auto-gpt-docs/deploys/67c1c8906337a600088578f7

[ntindle]

This feels like the ui for blocking this access should come before the blocking since most of the agents we have are to teach people how to use the platform right?

[github-actions]

This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request.

[Pwuts]

@ntindle I've created #9549 to track the blocking issue, thanks for pointing it out

[Pwuts]

Update: for now we'll make all graphs open-source by default, allowing read access to all (published) graphs by all users (ofc still denying write access to anyone other than the owner).

When #9549 is addressed, this PR can be reopened, or the changes included.