AgentLedger v0.2.0

v0.2.0 — Cryptographic delegation proof

v1 recorded that an action matched a receipt. v2 adds cryptographic proof the
grant was real: the principal signs the receipt (Ed25519) and the verifier
checks it against a trusted key.

• Signed receipts (Receipt.sign) + agentledger.signing ([crypto] extra)
• Trusted-key verification via KeyProvider / InMemoryKeyProvider
• require_signed policy (graceful default) + per-call scopes checks
• Pluggable agent identity (IdentityProvider; Static + SPIFFE)
• New signature_verified / identity_status on proofs; new violation types
• Backward compatible: v1 unsigned receipts and v1-format logs still verify

What v2 does and does not defend against: docs/threat-model.md.
Full notes: CHANGELOG.md.