Add controller sovereignty toolkit

[mdheller]

Summary

Adds the initial SourceOS controller-sovereignty toolkit to sourceos-syncd.

This PR introduces a sanitized, read-only lane for modeling autonomous platform controllers as first-class state-integrity actors. It deliberately avoids committing raw local diagnostics, private identifiers, hostnames, IPs, SSIDs/BSSIDs, packet payloads, or personal file paths.

What changed

• Adds controller-sovereignty docs under docs/controller-sovereignty/.
• Adds a draft controller registry schema.
• Adds a redacted case-file template.
• Adds a sovereignty dashboard model.
• Adds tools/controller-inventory.sh, a non-mutating local controller inventory collector.
• Adds tools/resource-event-summary.py, a summary parser for local diagnostic reports supplied explicitly by the operator.

Design thesis

No hidden autonomous controller may consume material resources without registration, budget, logging, and revocation.

This extends the sourceos-syncd state-integrity mission from replicated state to operating-system behavior: background controllers must become observable, attributable, budgeted, and explainable before automation is allowed to act.

Safety / privacy boundaries

• No raw diagnostic reports committed.
• No device identifiers committed.
• No account identifiers committed.
• No packet payload capture.
• No mutating commands in the inventory script.
• No sudo required by the inventory script.

Validation

Connector-side compare shows this branch is 6 commits ahead of main and adds six files:

• docs/controller-sovereignty/README.md
• docs/controller-sovereignty/case-file-template.md
• docs/controller-sovereignty/controller-registry.schema.yaml
• docs/controller-sovereignty/sovereignty-dashboard.md
• tools/controller-inventory.sh
• tools/resource-event-summary.py

A CI workflow was intentionally not landed in this PR because the connector blocked the workflow payload. The tooling itself remains read-only and reviewable.