Hardcode Guard v2 Audit

Guard behavior fixed and correctly FAILS: unclassified 0, dangerous authority open 1, dangerous open 2, unknown open 2. Inventory incomplete: missing not_in_set false-pass, policy-incomplete hash, weak signoff, ignored rule semantics, readiness literals, blocker policy, full-DML authority. HC-05 still affects tiers, not signal-only.