Add new features and tests for AirGap and Time modules

- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.

docs/modules/orchestrator/prep/2025-11-20-airgap-56-001-prep.md

@@ -0,0 +1,12 @@
+# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-56-001
+
+Status: Draft (2025-11-20)
+Owners: Orchestrator Service Guild · AirGap Policy Guild
+Scope: Awaiting AirGap readiness; capture sealed-mode contract needs for orchestrator.
+
+## Needs
+- Sealed-mode contract from AirGap controller (seal/unseal scopes, staleness fields).
+- Mirror bundle pointers to include with orchestrator jobs.
+
+## Handoff
+Use as prep artefact; update once AirGap 56-001 contract is published.

docs/modules/orchestrator/prep/2025-11-20-airgap-56-002-prep.md

@@ -0,0 +1,9 @@
+# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-56-002
+
+Status: Draft (2025-11-20)
+Scope: Downstream of 56-001; needs sealed-mode staleness propagation.
+
+## Needs
+- From 56-001: seal contract and bundle pointers.
+- Staleness propagation rules to orchestrator runs.
+

docs/modules/orchestrator/prep/2025-11-20-airgap-57-001-prep.md

@@ -0,0 +1,9 @@
+# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-57-001
+
+Status: Draft (2025-11-20)
+Scope: Dependent on 56-002; timeline events for AirGap imports.
+
+## Needs
+- Event types/fields for bundle import timeline.
+- Alignment with AirGap mirror bundle IDs and staleness.
+

docs/modules/orchestrator/prep/2025-11-20-airgap-58-001-prep.md

@@ -0,0 +1,8 @@
+# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-58-001
+
+Status: Draft (2025-11-20)
+Scope: Dependent on 57-001; Evidence Locker integration for sealed mode.
+
+## Needs
+- Evidence Locker bundle pointers and attestation requirements in sealed mode.
+

docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md

@@ -0,0 +1,12 @@
+# Orchestrator OAS Prep — PREP-ORCH-OAS-61-001/61-002/62-001
+
+Status: Draft (2025-11-20)
+Scope: Telemetry contract inputs and OAS baseline for orchestrator APIs.
+
+## Needs
+- Telemetry/contract inputs from sprint 150.A (not yet published).
+- OAS baseline for orchestrator host.
+- SDK generation targets (depends on OAS v1).
+
+## Handoff
+Use as prep artefact for OAS 61/62 chain; update when telemetry inputs published.

docs/modules/orchestrator/prep/2025-11-20-svc-41-101-prep.md

@@ -0,0 +1,17 @@
+# Orchestrator Pack-Run Prep — PREP-ORCH-SVC-41-101 / 42-101 / TEN-48-001
+
+Status: Draft (2025-11-20)
+Owners: Orchestrator Service Guild
+
+## 41-101 needs
+- Envelope + DAL from 38-101 to register pack runs.
+- Storage schema for pack-run records.
+
+## 42-101 needs
+- Stream contract from 41-101 (pack-run plumbing) to drive streaming.
+
+## TEN-48-001 needs
+- Tenant context plumbing for job DAL/routes.
+
+## Handoff
+Use as prep artefact; update when 38-101 envelope lands and DAL schema is fixed.