fix(scope-lock): require objective match for claims

[intel352]

Summary

• Add objective-bound ownership metadata to session lock attribution rows so a fresh/resumed session cannot silently claim another session's locked plan.
• Block scope-lock-claim on objective mismatch unless the handoff is explicit with --confirmed.
• Add a SessionStart resume target checkpoint and document the cross-harness re-anchor flow.
• Bump plugin manifests and release notes to v6.2.1.

Design / Plan

• Design: docs/plans/2026-05-31-session-owned-lock-claims-design.md
• Plan: docs/plans/2026-05-31-session-owned-lock-claims.md
• ADR: decisions/0002-lock-claims-require-objective-match.md

Scope Manifest

• PR Count: 1
• Tasks: 4
• Status: Complete 2026-05-31T18:14:36Z
• PR row: fix(scope-lock): require objective match for claims / Tasks 1-4 / fix/issue-52-session-ownership

Test Plan

• tests/hook-contracts.sh -> All hook contract tests passed.
• tests/skill-cross-refs.sh -> PASS: all cross-skill references resolve.
• tests/skill-content-grep.sh -> PASS: skill content is host-neutral or properly conditioned.
• tests/plan-scope-check.sh --plan docs/plans/2026-05-31-session-owned-lock-claims.md -> PASS: scope-manifest checks succeeded.
• git diff --check origin/main..HEAD -> exit 0.

Regression Proof

With fix reverted:

$ tests/hook-contracts.sh
reverted_rc=1
FAIL: scope-lock-claim: objective mismatch was not blocked
FAIL: scope-lock-claim: matching objective row missing metadata
FAIL: scope-lock-claim: confirmed handoff row missing

With fix restored:

$ tests/hook-contracts.sh
All hook contract tests passed.

Fix-forward review note: inline review caught and fixed the --confirmed flag-position parser edge case and HTTPS remote normalization before this PR was opened.

Closes #52.