FEAT Add cross-domain prompt injection orchestrator

[romanlutz]

Description

Adding an orchestrator for a simple XPIA scenario:

• medium target uploads attack file to Azure storage
• processing target retrieves file from prompt and executes XPIA
• scorer examines output to see if injected string shows up

In a "real" XPIA scenario we need a processing target that has the plugin/skill to retrieve content by itself.

In the future, we will support more mediums & locations (such as files on Azure storage, e.g., emails or PDFs).

Tests and Documentation

Tests included for the orchestrator.

[cseifert1]

Great to see XPIA coming together, Roman!

Let's assume the XPIA attack will cause an action to be taken, like sending an email. The success of the XPIA would be determined by a scorer, which would need to connect to an email inbox to see whether the action was taken. Is that what you are thinking?