Implement private data access request/approval workflow

[Soushi888]

Overview

Implement a request/approval workflow for private data access, complementing the existing direct grant system from #27.

Background

The current system (#27) only supports direct grants where the data owner proactively shares data. A request workflow would allow agents to request specific private data fields, which the owner can then approve or deny.

Implementation

New functions needed:

• request_private_data_access(target_agent, requested_fields, reason) — Create access request
• respond_to_data_request(request_hash, approved, rationale) — Approve/deny with rationale
• get_pending_data_requests() — List pending requests for current agent
• get_my_data_requests() — List requests made by current agent

New entry type:

• DataAccessRequest with status tracking (pending/approved/denied/expired)

Use Cases

• Agent promotion: Promoter requests identity verification data
• Governance validation: Governance process requests compliance data
• Custodianship transfer: New custodian requests resource documentation

Files

• dnas/nondominium/zomes/coordinator/zome_person/src/capability_based_sharing.rs
• dnas/nondominium/zomes/integrity/zome_person/src/lib.rs
• tests/src/nondominium/person/person-capability-based-sharing.test.ts

Acceptance Criteria

• DataAccessRequest entry type with status tracking
• Request creation with field specification and reason
• Approval flow that automatically creates capability grant
• Denial flow with rationale
• Request listing for both requester and target
• Test coverage for full request lifecycle

Related

• Completed in Implement Enhanced Private Data Sharing System #27: Core capability-based sharing system (direct grants)
• May enable: Implement Enhanced Agent Promotion Workflow #33 Enhanced Agent Promotion Workflow
• May enable: Implement Specialized Role Validation System #34 Specialized Role Validation System