feat: Implement Scheduler Worker Options and Planner Loop

- Added `SchedulerWorkerOptions` class to encapsulate configuration for the scheduler worker.
- Introduced `PlannerBackgroundService` to manage the planner loop, fetching and processing planning runs.
- Created `PlannerExecutionService` to handle the execution logic for planning runs, including impact targeting and run persistence.
- Developed `PlannerExecutionResult` and `PlannerExecutionStatus` to standardize execution outcomes.
- Implemented validation logic within `SchedulerWorkerOptions` to ensure proper configuration.
- Added documentation for the planner loop and impact targeting features.
- Established health check endpoints and authentication mechanisms for the Signals service.
- Created unit tests for the Signals API to ensure proper functionality and response handling.
- Configured options for authority integration and fallback authentication methods.

EPIC_1.md

@@ -271,7 +271,7 @@ A dedicated write guard refuses `effective_finding_*` writes from any caller tha
 ### 3.12 Security and tenancy
 
 * Every raw doc carries a `tenant` field.
-* Authority enforces `advisory:write` and `vex:write` scopes for ingestion endpoints.
+* Authority enforces `advisory:ingest` and `vex:ingest` scopes for ingestion endpoints.
 * Cross‑tenant reads/writes are blocked by default.
 * Secrets never logged; signatures verified with pinned trust stores.
 
@@ -375,7 +375,7 @@ Breakdown by component with exact work items. Each section ends with the imposed
 
 ### 6.5 Authority
 
-* [ ] Introduce scopes: `advisory:write`, `advisory:read`, `vex:write`, `vex:read`, `aoc:verify`.
+* [ ] Introduce scopes: `advisory:ingest`, `advisory:read`, `vex:ingest`, `vex:read`, `aoc:verify`.
 * [ ] Add `tenant` claim propagation to ingestion services.
 
 **Imposed rule:** Work of this type or tasks of this type on this component must also be applied everywhere else it should be applied.