docs: add service README.md files + update AGENTS.md decisions

- Create README.md for 25+ service modules with container info, API surface, storage
- Document attestor-tileproxy separation rationale (air-gap network isolation)
- Document opsmemory-advisoryai separation rationale (resource isolation, blast radius)
- Update Timeline AGENTS.md with merged indexer info

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/Doctor/README.md

@@ -0,0 +1,18 @@
+# Doctor
+
+**Container(s):** stellaops-doctor-web, stellaops-doctor-scheduler
+**Slot:** 26 (web), scheduler  |  **Port:** 8080  |  **Consumer Group:** doctor, doctor-scheduler
+**Resource Tier:** light
+
+## Purpose
+The Doctor service runs diagnostic health checks across the entire Stella Ops platform. It uses a plugin architecture covering core services, databases, service graphs, integrations, security, observability, Docker, attestation (Rekor/Cosign), verification (SBOM/VEX/signature/policy), release pipelines, environment health, scanner/reachability, compliance/evidence, binary analysis, and timestamping (eIDAS). The Doctor Scheduler automates periodic diagnostic runs with trend analysis and alerting.
+
+## API Surface
+- `doctor` (via Router) — diagnostic run execution, report retrieval, timestamping dashboard
+- `doctor-scheduler` (via Router) — schedule management for periodic doctor runs, trend queries
+
+## Storage
+In-memory (report storage, schedule/trend repositories); PostgreSQL connection available via `ConnectionStrings:Default`
+
+## Background Workers
+- `DoctorScheduleWorker` (scheduler service) — executes scheduled diagnostic runs via HTTP calls to Doctor API