feat(secrets): Implement secret leak policies and signal binding

- Added `spl-secret-block@1.json` to block deployments with critical or high severity secret findings.
- Introduced `spl-secret-warn@1.json` to warn on secret findings without blocking deployments.
- Created `SecretSignalBinder.cs` to bind secret evidence to policy evaluation signals.
- Developed unit tests for `SecretEvidenceContext` and `SecretSignalBinder` to ensure correct functionality.
- Enhanced `SecretSignalContextExtensions` to integrate secret evidence into signal contexts.

src/Policy/__Libraries/StellaOps.Policy/StellaOps.Policy.csproj

@@ -19,8 +19,11 @@
     <EmbeddedResource Include="Schemas\policy-schema@1.json" />
     <EmbeddedResource Include="Schemas\policy-scoring-default.json" />
     <EmbeddedResource Include="Schemas\policy-scoring-schema@1.json" />
+    <EmbeddedResource Include="Schemas\signals-schema@1.json" />
     <EmbeddedResource Include="Schemas\spl-schema@1.json" />
     <EmbeddedResource Include="Schemas\spl-sample@1.json" />
+    <EmbeddedResource Include="Schemas\spl-secret-block@1.json" />
+    <EmbeddedResource Include="Schemas\spl-secret-warn@1.json" />
   </ItemGroup>
 
   <ItemGroup>