feat: Add new provenance and crypto registry documentation

- Introduced attestation inventory and subject-rekor mapping files for tracking Docker packages.
- Added a comprehensive crypto registry decision document outlining defaults and required follow-ups.
- Created an offline feeds manifest for bundling air-gap resources.
- Implemented a script to generate and update binary manifests for curated binaries.
- Added a verification script to ensure binary artefacts are located in approved directories.
- Defined new schemas for AdvisoryEvidenceBundle, OrchestratorEnvelope, ScannerReportReadyPayload, and ScannerScanCompletedPayload.
- Established project files for StellaOps.Orchestrator.Schemas and StellaOps.PolicyAuthoritySignals.Contracts.
- Updated vendor manifest to track pinned binaries for integrity.

.spectral.yaml

@@ -0,0 +1,40 @@
+extends:
+  - "spectral:oas"
+
+formats:
+  - "oas3"
+
+rules:
+  stella-info-title:
+    description: "OpenAPI info.title must be present"
+    message: "Add a descriptive `info.title`"
+    given: "$.info.title"
+    severity: error
+    then:
+      function: truthy
+
+  stella-info-version:
+    description: "OpenAPI info.version must be present"
+    message: "Set `info.version` (SemVer or release tag)"
+    given: "$.info.version"
+    severity: error
+    then:
+      function: truthy
+
+  stella-servers-https:
+    description: "Servers should use https"
+    given: "$.servers[*].url"
+    severity: warn
+    then:
+      function: pattern
+      functionOptions:
+        match: "^https://"
+
+  operation-operationId-required:
+    description: "Every operation must have an operationId"
+    message: "Add an `operationId` for this operation"
+    given: "$.paths[*][*]"
+    severity: error
+    then:
+      field: operationId
+      function: truthy