Topic: Better understanding on Extended Keys/Master Public Keys (Read 1782 times)

staff
I've been looking into MPK/Extended Keys and have been wondering how it really works when it comes to leaving the wallet (e.g. seed, private key, etc.) in cold storage. I've been looking into using it for an application without having to expose the private key itself. I did read over BIP32, but my main question is: how does one spend from the addresses generated with the master public keys?
You need to have the private keys corresponding to those addresses. The extended public keys (aka master public key, any key can be a master key) are just normal ECDSA keys and they have a private key from which they are actually derived. You must have that private key (which can also be a master private key) in order to spend the Bitcoin associated with an address. The only special thing about HD wallets is the fact that the private keys are derived from previous private keys except for the first (the seed, or master private key of an HD wallet).

And how would I get the list of addresses generated within a wallet such as Electrum (regardless of whether it's a software wallet or hardware)?
If you are using non-hardened keys, then you just need to follow the steps specified in BIP 32 in order to derive addresses from a public key. If you use hardened keys, then you can only derive private keys; the master public key will not work. With hardened keys, you derive the private keys from the master private key and then derive the addresses from those private keys.

I've been reading that it is good to only use the MPK for a watch-only type of thing and not to share it (for security and privacy reasons), but if the addresses are generated, how would they be linked back to the private key to be spendable? E.g. say I get the MPK from Electrum or a hardware wallet such as Trezor or KeepKey, and addresses are generated with the MPK from the application: how would they be spendable using the wallet itself?
This is part of the math of deterministic wallets. With non-hardened keys, the public key derived from a parent public key will have its private key be able to be derived from the private key of the parent public key. That is how wallets get the private keys in order to spend; they must know the master private key.

Would the addresses be easily accessible? I know there are libraries such as pycoin and the like but I just want to get a better understanding of the whole thing before proceeding with what I am planning on doing.
What do you mean? The extended public and private keys are normal ECDSA keys. They have corresponding normal addresses. Given an address, you cannot tell what wallet it is in, what private key its private key was derived from, what public key its public key was derived from, and whether it's even part of a deterministic keychain at all.
sr. member
I've been looking into MPK/Extended Keys and have been wondering how it really works when it comes to leaving the wallet (e.g. seed, private key, etc.) in cold storage. I've been looking into using it for an application without having to expose the private key itself. I did read over BIP32, but my main question is: how does one spend from the addresses generated with the master public keys, and how would I get the list of addresses generated within a wallet such as Electrum (regardless of whether it's a software wallet or hardware)? I've been reading that it is good to only use the MPK for a watch-only type of thing and not to share it (for security and privacy reasons), but if the addresses are generated, how would they be linked back to the private key to be spendable? E.g. say I get the MPK from Electrum or a hardware wallet such as Trezor or KeepKey, and addresses are generated with the MPK from the application: how would they be spendable using the wallet itself? Would the addresses be easily accessible? I know there are libraries such as pycoin and the like, but I just want to get a better understanding of the whole thing before proceeding with what I am planning on doing.