- Reformat opfilter decision log lines into pipe-separated key=value
  pairs: action, policy_version, policy_name, path, access_type,
  decision, operation_id, pid, ppid, process, processpath, uid, user,
  gid, group, team_id, codesigning_id, ancestry_tree
- ancestry_tree uses (process=…,…)->(process=…,…) notation per ancestor
- Add RuleSource (.builtin/.user/.mdm) to FAARule and PolicyDecision so
  policy_version reflects the rule's origin (git SHA / "user" / "mdm")
- Extend ProcessRecord and AncestorInfo with uid/gid; OpenFileEvent gains
  parentPID, uid, gid sourced from the ES audit token
- Resolve uid→username and gid→groupname via getpwuid/getgrgid at log time
- Fix log levels across the project:
  - Decision events: .log() (default)
  - Operational opfilter events: .info() or .debug()
- Convert all NSLog in XPCServer, XPCClient, SystemExtensionManager,
  AppProtectionStore to os.Logger with debug/info/error/fault levels
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
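
A consumer-side parser for the decision-line layout this commit message describes, as an added example that is not part of the commit or the project's code. The sample line and all its values, the `deny` decision string, the fields inside each ancestor group, and nearest-ancestor-first ordering are assumptions; the commit does not say how values are escaped, so unknown, malformed or duplicated keys are rejected rather than guessed at.

```python
import re

# Field names in the order the commit message lists them.
FIELDS = ("action policy_version policy_name path access_type decision "
          "operation_id pid ppid process processpath uid user gid group "
          "team_id codesigning_id ancestry_tree").split()

# Constructed sample line: every value below is invented for illustration.
SAMPLE = (
    "action=open|policy_version=user|policy_name=protect-ssh-keys|"
    "path=/Users/alice/.ssh/id_ed25519|access_type=read|decision=deny|"
    "operation_id=42|pid=512|ppid=498|process=curl|processpath=/usr/bin/curl|"
    "uid=501|user=alice|gid=20|group=staff|team_id=|"
    "codesigning_id=com.apple.curl|"
    "ancestry_tree=(process=zsh,pid=498,uid=501,gid=20)"
    "->(process=Terminal,pid=300,uid=501,gid=20)"
)

def parse_ancestry(tree):
    """Turn '(k=v,...)->(k=v,...)' into a list of dicts, one per ancestor."""
    hops = []
    for group in re.findall(r"\(([^()]*)\)", tree):
        hop = {}
        for item in group.split(","):
            key, sep, value = item.partition("=")
            if not sep:
                raise ValueError(f"malformed ancestor field: {item!r}")
            hop[key] = value
        hops.append(hop)
    return hops

def parse_decision(line):
    """Parse one decision line; reject anything that is not exactly FIELDS."""
    record = {}
    for pair in line.strip().split("|"):
        key, sep, value = pair.partition("=")
        if not sep or key not in FIELDS or key in record:
            raise ValueError(f"unexpected or duplicate field: {pair!r}")
        record[key] = value
    missing = [f for f in FIELDS if f not in record]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    record["ancestry_tree"] = parse_ancestry(record["ancestry_tree"])
    return record

def process_chain(record):
    """Process names from the acting process up through its ancestors."""
    return [record["process"]] + [h.get("process", "?") for h in record["ancestry_tree"]]
```
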