fix(findings-ledger): make initial migration idempotent for replay

Wraps ENUM type creation in findings.ledger schema with DO blocks that catch
duplicate_object so migration 001 can re-run on a partially-provisioned DB
without crashing. Minor corrections to 002 and 005 (syntax alignment).
Updates RLS contract + operations docs to reflect the replay-safe semantics.
WebService + persistence csproj get the Infrastructure.Postgres migration
reference needed for StartupMigrationHost wiring.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-13 21:57:31 +03:00
parent 4a8e2758cd
commit 257e29355b
8 changed files with 70 additions and 46 deletions


@@ -352,6 +352,8 @@ COMMIT;
### Rollback: `007_enable_rls_rollback.sql`
This rollback script remains a manual operator tool. It is not embedded into the service startup migration assembly, so forward startup will not flag it as a pending release migration.
```sql
BEGIN;
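Review bot: The sentence added under `### Rollback: 007_enable_rls_rollback.sql` covers only the rollback script's exclusion from startup migrations, while the commit message says the operations docs were updated for the replay-safe semantics of migration 001; nothing in this hunk tells an operator that 001 can now be re-run on a partially provisioned database. Suggest adding one line on that behaviour here, or narrowing the commit message. It would also help to say what enforces the exclusion (for example the project-file setting that keeps the script out of the embedded migration assembly) so the claim can be checked when the build changes.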


@@ -19,7 +19,7 @@ Migration `007_enable_rls.sql` enables Row-Level Security (RLS) on all Findings
| File | Purpose | SHA256 |
|------|---------|--------|
| `007_enable_rls.sql` | Apply RLS policies | (generated at build time) |
| `007_enable_rls_rollback.sql` | Revert RLS policies | (generated at build time) |
| `007_enable_rls_rollback.sql` | Revert RLS policies | manual script on disk; excluded from embedded startup migrations |
| `007_enable_rls.manifest.json` | Metadata for offline-kit | (generated at build time) |
## Protected Tables
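Review bot: In the `007_enable_rls_rollback.sql` row the SHA256 column now holds a prose note ("manual script on disk; excluded from embedded startup migrations") where the other two rows still say "(generated at build time)". For a script that an operator runs by hand to remove RLS policies, a checksum is the thing most worth keeping in this table. Suggest keeping the hash entry in the SHA256 column and moving the "manual, not embedded" note into the Purpose cell or a line under the table. If the build no longer generates a hash for this file, say so explicitly and state where the operator gets one.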
@@ -110,6 +110,8 @@ The rollback:
- Removes the `findings_ledger_app` schema and tenant function
- Does NOT drop the `findings_ledger_admin` role (preserves other grants)
`007_enable_rls_rollback.sql` is intentionally kept out of the service's embedded startup migrations so normal boot does not treat rollback as pending forward work.
## Validation Checklist
After applying the migration, verify:
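Review bot: The line added after the "The rollback:" bullets says normal boot will not treat the rollback as pending forward work, but it does not say what the next service start does with `007_enable_rls.sql` once the rollback has been run by hand. Either outcome matters to the operator: startup re-applies 007 and silently undoes the rollback, or startup considers 007 already applied and the service runs with RLS disabled. Suggest stating the expected behaviour in this section. The same sentence also appears in the operations doc in nearly identical wording; pointing one document at the other would keep the two from drifting.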