feat(secrets): Implement secret leak policies and signal binding

- Added `spl-secret-block@1.json` to block deployments with critical or high severity secret findings.
- Introduced `spl-secret-warn@1.json` to warn on secret findings without blocking deployments.
- Created `SecretSignalBinder.cs` to bind secret evidence to policy evaluation signals.
- Developed unit tests for `SecretEvidenceContext` and `SecretSignalBinder` to ensure correct functionality.
- Enhanced `SecretSignalContextExtensions` to integrate secret evidence into signal contexts.

src/Scheduler/StellaOps.Scheduler.WebService/SchedulerEndpointHelpers.cs

@@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Text;
+using StellaOps.Determinism;
 using StellaOps.Scheduler.Models;
 using StellaOps.Scheduler.Persistence.Postgres.Repositories;
 
@@ -13,14 +14,15 @@ internal static class SchedulerEndpointHelpers
     private const string ActorKindHeader = "X-Actor-Kind";
     private const string TenantHeader = "X-Tenant-Id";
 
-    public static string GenerateIdentifier(string prefix)
+    public static string GenerateIdentifier(string prefix, IGuidProvider? guidProvider = null)
     {
         if (string.IsNullOrWhiteSpace(prefix))
         {
             throw new ArgumentException("Prefix must be provided.", nameof(prefix));
         }
 
-        return $"{prefix.Trim()}_{Guid.NewGuid():N}";
+        var guid = (guidProvider ?? SystemGuidProvider.Instance).NewGuid();
+        return $"{prefix.Trim()}_{guid:N}";
     }
 
     public static string ResolveActorId(HttpContext context)