feat: Implement console session management with tenant and profile handling

- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information.
- Create OperatorContextService to manage operator context for orchestrator actions.
- Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata.
- Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens.
- Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation.
- Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.

docs/updates/2025-10-27-policy-scope-migration.md

@@ -0,0 +1,15 @@
+# 2025-10-27 — Policy scope migration guidance
+
+## Summary
+
+- Updated Authority defaults (`etc/authority.yaml`) to register a `policy-cli` client using the fine-grained scope set introduced by AUTH-POLICY-23-001 (`policy:read`, `policy:author`, `policy:review`, `policy:simulate`, `findings:read`).
+- Added release/CI documentation call-outs instructing operators to reissue tokens that previously relied on `policy:write`/`policy:submit`/`policy:run` scopes.
+- Introduced a repo verification script so future config changes fail CI when policy clients regress to the legacy scope bundles.
+
+## Next steps
+
+| Team | Follow-up | Target |
+|------|-----------|--------|
+| Authority Core | Rotate long-lived policy CLI tokens in staging to confirm new scope set before freezing release 2025.10. | 2025-10-29 |
+| DevOps Guild | Update automation secrets (CI/CD, offline kit) to point at the regenerated `policy-cli` credentials. | Sprint 23 stand-up |
+| Docs Guild | Fold the broader scope matrix refresh into AUTH-POLICY-23-003 once the dual-approval workflow lands. | Blocked on AUTH-POLICY-23-002 |