Add repository review-decision provenance guard

[AlonePenguin]

/claim #10

Summary

• Adds a self-contained repository-review-decision-provenance-guard/ module for Project Repository & Version Control.
• Preserves resolved merge-request review discussions as durable scientific decision records before tagged release or export.
• Checks thread/file anchors, reviewer role eligibility, resolution rationale, private-note redaction, export manifest linkage, and component coverage across manuscript/data/code/notebook/metadata.
• Emits deterministic JSON, Markdown, SVG, manifest, and H.264 MP4 reviewer artifacts from synthetic fixtures only.

Non-overlap

This is distinct from existing #10 slices such as broad repository ledgers, merge-queue unresolved-discussion gates, component-owner approval quorum, branch protection, external reference pinning, notebook output diff, fork provenance, release signatures, restore rehearsal, and automation credential rotation. This slice focuses on preserving already-resolved scientific review decisions into public-safe release/export provenance.

Validation

• npm run check
• npm test
• npm run demo
• npm run verify-video -> H.264, 960x540, 4.0 seconds
• LC_ALL=C rg -n "[^\x00-\x7F]" repository-review-decision-provenance-guard || true -> no output
• git diff --check -- repository-review-decision-provenance-guard

Attempt marker: #10 (comment)

Synthetic data only. No Git provider credentials, private repositories, DOI provider calls, identity systems, payment processors, or external APIs are used.

AI-assisted with OpenAI Codex; I reviewed and locally verified the diff before submitting.