guardrails: authoritative CI and release gates after MVP

[terisuke]

Parent epic: #13

Problem

The local client can guide safe behavior, but merge, release, and post-merge authority must not depend on local agent goodwill alone.

Deliverables

• CI or provider-enforced review freshness gates
• release and post-merge verification policy
• documented split between local preflight checks and authoritative server-side gates

Acceptance

• the repo documents which gates are local-only versus authoritative
• release-sensitive operations are enforced outside the local client
• this work stays separate from the MVP floor so issue guardrails: safe agents and workflow commands #5 does not absorb CI policy scope

[terisuke]

CI and release gates implemented in guardrail.ts:

• CI hard block on gh pr merge (checks must be green)
• pre-merge tier-aware gate (EXEMPT/LIGHT/FULL)
• inject-claude-review-on-checks (CRITICAL/HIGH severity block)
• enforce-review-reading (stale review block)
• soak time enforcement
• follow-up fix limit

Remaining CI optimization tracked in #129.