v0.1.5 - API contract hardening

Maintenance evidence release for Codex for OSS review.\n\n- Added public API/MCP contract tests covering route envelopes, policy shape, scenario list, analyze/audit persistence, escalation decisions, signed MCP receipt verification, and tamper failure.\n- Bounded /v1/audit/latest limit to 1..100 via FastAPI validation.\n- Synced README verification evidence to 102 passing tests.\n- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.