Add first-class Planr-executed verification evidence

[regenrek]

Summary

This PR adds a first-class deterministic verification layer around Planr's existing durable task graph without making Planr a loop engine.

Implemented:

• planr verify run <item-id> --cmd ... raw command path that executes a shell command, captures exit code, bounded stdout/stderr, assertion results, duration, run id, and capability state.
• Verification points via planr verify point add/list.
• Replay and evidence listing via planr verify replay and planr verify evidence list.
• Schema v2 tables for verification_points and verification_evidence.
• Extended planr plan audit flags: --strict, --autonomous, --require-verification-points, and --git-policy off|auto|require-clean|require-scoped.
• Adaptive Git policy. Git is inspected only when present unless a stricter policy opts in.
• Documentation for the verification evidence taxonomy, audit modes, Git policy, and browser evidence strength.
• E2E tests for Planr-executed evidence persistence and strict audit requiring deterministic evidence.

Design notes

• Agent-authored log add --kind verification remains backwards compatible, but strict/autonomous audit requires Planr-executed pass evidence.
• Browser verification is represented as --kind browser and becomes strong only when the command is Planr-executed and assertions pass.
• Heartbeat remains liveness only.
• No global Git or browser dependency is introduced.

Test plan

Added tests/verification.rs with coverage for deterministic command evidence and strict audit behavior.

I could not run cargo test in this environment because the local container could not clone GitHub and does not have the Rust toolchain installed. CI should be treated as the authoritative compile/test check for this branch.