Add runtime observability and capability governance contracts

[mdheller]

Summary

Adds the runtime observability and capability governance contract family proposed in #99.

This tranche captures the lessons from runtime, browser, terminal, session, and runtime-install logs as typed SourceOS contracts. The goal is to make effective capability state, browser assistance sessions, Git workspace classification, orphan lifecycle-event recovery, and runtime install provenance explicit, receipt-backed, and validator-friendly.

Added schemas

• schemas/CapabilityLedger.json
• schemas/BrowserAutomationReceipt.json
• schemas/GitWorkspaceState.json
• schemas/OrphanEventReceipt.json
• schemas/RuntimeInstallReceipt.json

Added canonical examples

• examples/capabilityledger.json
• examples/browserautomationreceipt.json
• examples/gitworkspacestate.json
• examples/orphaneventreceipt.json
• examples/runtimeinstallreceipt.json

Validation

Adds tools/validate_runtime_observability_examples.py and wires it into make validate through validate-runtime-observability-examples.

The validator checks:

• JSON Schema Draft 2020-12 conformance
• unique example IDs
• required URN prefixes
• non-empty evidenceRefs
• required policyDecisionRef
• timestamp parseability
• no raw path storage in GitWorkspaceState
• browser-session timestamp ordering
• orphan-event recovery/quarantine consistency
• compact runtime-install log mode in the canonical example

Documentation

• Adds docs/runtime-observability-contracts.md as the contract catalog and downstream rollout guide.
• Adds docs/adr/0012-runtime-observability-capability-governance.md documenting rationale, constraints, validation, and ownership.
• Updates CHANGELOG.md.
• Updates Makefile validation target.

Downstream implementation links

• Browser surface: Implement BrowserAutomationReceipt and visible automation session controls BearBrowser#25
• Terminal surface: Implement GitWorkspaceState classifier and Git probe severity discipline agent-term#39
• Shell/capability surface: Implement CapabilityLedger contract and UI/runtime capability reconciliation sourceos-shell#12
• Sociosphere/session recovery surface: Implement OrphanEventReceipt and session-quarantine protocol SocioProphet/sociosphere#283

Review checklist

• Schema names and URN prefixes are stable.
• Required fields are sufficient for auditability.
• Canonical examples validate with make validate-runtime-observability-examples.
• Example references form a coherent trace story.
• GitWorkspaceState does not require raw path storage.
• Runtime install receipt uses compact receipt references rather than full manifest log payloads.
• Downstream implementation issues are linked and scoped.

Branch state before PR

Compared with main, this branch is ahead by 15 commits and behind by 0 at PR creation time.