feat: add PolicyPackSelectorComponent with tests and integration

- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.

src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/PackRunApprovalDecisionService.cs

@@ -1,6 +1,7 @@
 using Microsoft.Extensions.Logging;
 using StellaOps.TaskRunner.Core.Execution;
 using StellaOps.TaskRunner.Core.Planning;
+using System.Text.RegularExpressions;
 
 namespace StellaOps.TaskRunner.Infrastructure.Execution;
 
@@ -34,6 +35,14 @@ public sealed class PackRunApprovalDecisionService
         var runId = request.RunId.Trim();
         var approvalId = request.ApprovalId.Trim();
 
+        if (!IsSha256Digest(request.PlanHash))
+        {
+            _logger.LogWarning(
+                "Approval decision for run {RunId} rejected – plan hash format invalid (expected sha256:<64-hex>).",
+                runId);
+            return PackRunApprovalDecisionResult.PlanHashMismatch;
+        }
+
         var state = await _stateStore.GetAsync(runId, cancellationToken).ConfigureAwait(false);
         if (state is null)
         {
@@ -101,6 +110,14 @@ public sealed class PackRunApprovalDecisionService
 
         return PackRunApprovalDecisionResult.Applied;
     }
+
+    private static bool IsSha256Digest(string value)
+        => !string.IsNullOrWhiteSpace(value)
+           && Sha256Pattern.IsMatch(value);
+
+    private static readonly Regex Sha256Pattern = new(
+        "^sha256:[0-9a-f]{64}$",
+        RegexOptions.Compiled | RegexOptions.CultureInvariant | RegexOptions.IgnoreCase);
 }
 
 public sealed record PackRunApprovalDecisionRequest(