feat(runtime): add governance-aware runtime bundle preparation

[mikeylong]

Summary

• add governance and runtime metadata to the canonical surface contract types and schema
• emit a dedicated runtime.json bundle from compile
• expose runtime-aware adapter payloads via prepare-generation and new prepare-runtime
• add validator and CLI coverage for the new runtime bundle flow

Validation

• pnpm --filter @surfaces/interfacectl-validator build
• pnpm --filter @surfaces/interfacectl-validator test
• pnpm --filter @surfaces/interfacectl-cli build
• pnpm --filter @surfaces/interfacectl-cli test

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e35f8c315c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Respect explicit mutation action allowlists

When a surface defines runtime.mutationEnvelope.allowedActions explicitly, this builder still appends "update-copy" whenever no section-level inferred actions exist. That broadens the contract’s declared mutation envelope (e.g., a surface that intended to allow only swap-variant will also permit copy updates in both generation.adaptation and runtime.mutationEnvelope), which can cause runtime/generation adapters to authorize changes that governance metadata did not allow.

Useful? React with 👍 / 👎.