Harden policy-only boundary for local PolicyFabric hook

[mdheller]

Summary

Implements the concrete hardening pass for #30: the local PolicyFabric-compatible hook now emits policy-only decisions with an explicit boundary object, and tests reject collapsed policy-to-runtime/authority/state records.

This applies the SourceOS lifecycle-boundary discipline from SourceOS-Linux/sourceos-spec#113 and PR #114:

state observation/report input = evidence
policy decision = local or remote policy evaluation
runtime effect = separate admission/effect decision
authority/grant mutation = separate Agent Registry / grant-state decision
state integrity report = ledger/report evidence only

Changes

• src/sourceos_syncd/policy.py
  • adds DecisionBoundary;
  • emits decision_boundary.decision_scope = policy-only;
  • explicitly records runtime_effect_performed=false, authority_mutation_performed=false, state_repair_performed=false, and ledger_write_performed=false;
  • validates every decision used in report policy samples/counts.
• tests/test_policy_hook.py
  • asserts emitted policy decisions carry the policy-only boundary;
  • rejects collapsed runtime-effect claims;
  • rejects collapsed authority-mutation claims;
  • verifies report samples preserve the boundary.
• docs/policy-fabric-hook.md
  • documents policy-only semantics and downstream separation.

Boundary

This PR does not add a live PolicyFabric client, perform runtime effects, mutate agent grants, repair state, write ledgers, replicate payloads, bridge exports, or write memory. It only hardens the local policy decision shape and its tests.

Closes #30.