KB-7638
FIX4 Audit 06 Controlled Identities
Revision 1
codexauditqt001identity
06 - Controlled Identities Audit
Verdict: STRING_SPOOF_RISK.
Random identity strings and the OTHER reviewer fail the current synthetic tests, but provenance accepts any non-empty string. The immutable and authority_lock flags are mutable booleans. The identity, evidence, signoff, plan, and rule tables are owned by directus with full arwdDxt privileges and have no mutation-blocking triggers. Binding has no foreign keys. Evidence has no content hash, signature, external verification, or append-only protection. Moving authority strings into app-writable rows is just a PG-hosted hardcode.
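
The following PostgreSQL sketch is an added example, not part of the audited system: it first reproduces the ownership, ACL, trigger, and foreign-key findings from the catalog, then shows one way to make a table append-only. The schema `public`, the table name `evidence`, and the role `audit_owner` are assumptions; only the `directus` role comes from the audit. Content hashing and external verification are not covered here.

```sql
-- Added example. Hypothetical names: schema public, table evidence, role audit_owner.
-- directus is the role named in the audit. Run as an administrative role, not as directus.

-- 1. Reproduce the finding: owner, ACL, user triggers and foreign keys per table.
--    ACL letters: a=INSERT r=SELECT w=UPDATE d=DELETE D=TRUNCATE x=REFERENCES t=TRIGGER.
--    A NULL relacl means default privileges, i.e. the owner holds all of them.
SELECT c.relname,
       pg_get_userbyid(c.relowner) AS owner,
       c.relacl,
       (SELECT count(*) FROM pg_trigger t
         WHERE t.tgrelid = c.oid AND NOT t.tgisinternal) AS user_triggers,
       (SELECT count(*) FROM pg_constraint k
         WHERE k.conrelid = c.oid AND k.contype = 'f') AS foreign_keys
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'r'
ORDER BY c.relname;

-- 2. Make the evidence table append-only for the application role.
BEGIN;

-- A table owner can re-grant privileges and drop or disable triggers,
-- so ownership has to leave the application role before anything else helps.
ALTER TABLE public.evidence OWNER TO audit_owner;
REVOKE ALL ON public.evidence FROM directus;
GRANT SELECT, INSERT ON public.evidence TO directus;

-- Defense in depth: reject mutations even if UPDATE/DELETE is granted again later.
CREATE FUNCTION public.evidence_block_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'evidence is append-only: % rejected', TG_OP;
END;
$$;

-- EXECUTE FUNCTION needs PostgreSQL 11+; older releases spell it EXECUTE PROCEDURE.
CREATE TRIGGER evidence_no_update_delete
  BEFORE UPDATE OR DELETE ON public.evidence
  FOR EACH ROW EXECUTE FUNCTION public.evidence_block_mutation();

CREATE TRIGGER evidence_no_truncate
  BEFORE TRUNCATE ON public.evidence
  FOR EACH STATEMENT EXECUTE FUNCTION public.evidence_block_mutation();

COMMIT;
```

Re-running the query in step 1 afterwards should show `audit_owner` as owner, an ACL for `directus` limited to `ar`, and two user triggers on the table.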