FIX7 Control Epoch TOCTOU Spec

Exactly one qt001_cp.control_epoch row owned by NOLOGIN owner. Epoch increments exactly once for activation/rollback, principal/evidence revoke, owner/ACL cutover/rollback, writer/gateway/readiness repoint, scheduler/verifier authority change, protected source/target/entrypoint change. Writer transaction locks row FOR SHARE, captures epoch/control/manifest hashes, evaluates acceptance, mutates only gateway, rereads/asserts before commit. Activation/cutover locks FOR UPDATE, validates request, applies atomically, recomputes hashes, increments epoch. Rollback never decrements. Race/stale/mismatch/evidence tests required.