feat: Add new provenance and crypto registry documentation

- Introduced attestation inventory and subject-rekor mapping files for tracking Docker packages.
- Added a comprehensive crypto registry decision document outlining defaults and required follow-ups.
- Created an offline feeds manifest for bundling air-gap resources.
- Implemented a script to generate and update binary manifests for curated binaries.
- Added a verification script to ensure binary artefacts are located in approved directories.
- Defined new schemas for AdvisoryEvidenceBundle, OrchestratorEnvelope, ScannerReportReadyPayload, and ScannerScanCompletedPayload.
- Established project files for StellaOps.Orchestrator.Schemas and StellaOps.PolicyAuthoritySignals.Contracts.
- Updated vendor manifest to track pinned binaries for integrity.

.gitea/workflows/api-governance.yml

@@ -0,0 +1,27 @@
+name: api-governance
+on:
+  push:
+    paths:
+      - "src/Api/**"
+      - ".spectral.yaml"
+      - "package.json"
+  pull_request:
+    paths:
+      - "src/Api/**"
+      - ".spectral.yaml"
+      - "package.json"
+
+jobs:
+  spectral-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+      - name: Install npm deps
+        run: npm install --ignore-scripts --no-progress
+      - name: Spectral lint (fail on warning+)
+        run: npm run api:lint