feat: Implement policy attestation features and service account delegation

- Added new policy scopes: `policy:publish` and `policy:promote` with interactive-only enforcement.
- Introduced metadata parameters for policy actions: `policy_reason`, `policy_ticket`, and `policy_digest`.
- Enhanced token validation to require fresh authentication for policy attestation tokens.
- Updated grant handlers to enforce policy scope checks and log audit information.
- Implemented service account delegation configuration, including quotas and validation.
- Seeded service accounts during application initialization based on configuration.
- Updated documentation and tasks to reflect new features and changes.

src/AdvisoryAI/StellaOps.AdvisoryAI/Abstractions/ISbomContextRetriever.cs

@@ -0,0 +1,10 @@
+using System.Threading;
+using System.Threading.Tasks;
+using StellaOps.AdvisoryAI.Context;
+
+namespace StellaOps.AdvisoryAI.Abstractions;
+
+public interface ISbomContextRetriever
+{
+    Task<SbomContextResult> RetrieveAsync(SbomContextRequest request, CancellationToken cancellationToken);
+}