v0.1.0-alpha

Initial pre-release.

• PAM session module binding nftables rules to cgroupv2 session inodes
• Seccomp-BPF sandbox with SCMP_ACT_KILL default
• Transient systemd scopes under authnft.slice via D-Bus
• 24-hour timeout safety net on set elements
• Per-user root-owned nftables fragments
• Unit and integration test suites