Add enterprise data residency guard

[evilfps]

/claim #19

Adds a data residency guard for enterprise exports and webhooks.

Covers:

• tenant policy, region allowlists, DPA/SCC, embargo, and protected health data checks
• admin metrics, review queue, signed webhook events, and export manifest evidence
• sample data, tests, SVG preview, and GIF demo

Tested:

• cd enterprise-data-residency-guard && npm run check
• cd enterprise-data-residency-guard && npm test
• cd enterprise-data-residency-guard && npm run demo
• rsvg-convert enterprise-data-residency-guard/docs/demo.svg -o /tmp/scibase-demo.png
• demo.gif opened with Pillow: GIF, 3 frames, 960x540
• git diff --check
• credential pattern scan, no hits

[Copilot]

Pull request overview

Adds a new self-contained enterprise-data-residency-guard/ module that evaluates cross-border data transfer decisions for institutional tenants. Given tenant policy, destination metadata, and research records, it produces per-record approve/review/block decisions, dashboard metrics, signed webhook envelopes, and an export manifest with evidence digests. The module is zero-dependency (Node built-ins), ships with sample data, tests, a demo script, and visual artifacts, and is wired only by a one-line addition to the top-level README.

Changes:

• New evaluation engine in src/data-residency-guard.js covering region allowlists, DPA/SCC requirements, blocked classifications, human-subject review, and active embargoes.
• Sample tenants/destinations/records plus a Node --test suite verifying decisions, dashboard counts, deterministic digests, manifest entries, and the text report.
• Demo script, package scripts (check/test/demo), README, requirement map, and demo SVG.

Reviewed changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
README.md	Adds a one-line pointer to the new module.
enterprise-data-residency-guard/package.json	Defines ESM package with check, test, and demo scripts; no runtime deps.
enterprise-data-residency-guard/src/data-residency-guard.js	Core residency evaluator: per-record findings, dashboard summary, webhook events, export manifest, audit digest, text report.
enterprise-data-residency-guard/scripts/demo.js	Loads sample input and prints the rendered text report.
enterprise-data-residency-guard/test/data-residency-guard.test.js	Node test suite for decisions, digests, manifest, and report text.
enterprise-data-residency-guard/data/sample-residency-input.json	Synthetic tenants, destinations, and records exercising approve/review/block paths.
enterprise-data-residency-guard/README.md	Module overview, run instructions, reviewer notes, file index.
enterprise-data-residency-guard/docs/requirement-map.md	Maps the module to issue #19 enterprise tooling requirements.
enterprise-data-residency-guard/docs/demo.svg	Static dashboard preview used as demo artifact.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[evilfps]

Fixed in latest push. stableDigest uses stableStringify now.

[evilfps]

Closing this one and reopening from a clean branch: #164