
docs(warhacker): drone-loses-contact end-to-end scenario + tamper test #101

Closed

stephenlutar2-hash wants to merge 1 commit into main from perplexity/warhacker-scenario-2026-05-30

Conversation

@stephenlutar2-hash (Member)

Why

At Warhacker (June 16–19, San Diego), Andrew Greene (Defense Unicorns)
explicitly asked for a "running deployment" that proves AI oversight
end-to-end — not slideware. This PR adds that scenario.

An autonomous-AI action proposal (a drone that has lost its C2 link proposing
to redirect into an unauthorized zone) flows through all five SZL substrate
modules and is denied, producing a tamper-evident DSSE receipt chain that
any reviewer in the room can verify themselves (Doctrine V7 §10 — no theater).

a11oy (orchestration) → sentra (security gates) → amaru (memory chain)
      → rosie (operator console) → vessels (operator UI)

What's in docs/warhacker-scenario/

  • scenario_drone_loses_contact.sh — single bash entry point, ≤90s on a warm
    cache, 7 steps across all 5 modules (live cluster or offline fixture mode).
  • scenario_drone_loses_contact.md — narrated walkthrough.
  • scenario_tamper_test.sh — mutate a receipt → DSSE verify fails → sentra
    alerts → rosie flags the chain break.
  • fixtures/proposal_rejected, proposal_accepted, receipt_chain
    (3-receipt DSSE chain), tampered_receipt, plus gen_fixtures.py.
    Signatures are real HMAC-SHA-256 over the canonical payload using the
    published demo key szl-warhacker-demo-2026.

The 18 verifiable proof points (1 per ~5s)

Every line is a discrete kubectl / curl / DSSE-verify command:

  • a11oy — PP1 pods Running · PP2 POST /api/v1/proposals · PP3 read 9-axis
    verdict · PP4 verify DSSE receipt signature.
  • sentra — PP5 deny-by-default alert in logs · PP6 confirm policy mode ·
    PP7 failing axis explicit in receipt (actorIdentity 0.42 < 0.90).
  • amaru — PP8 receipt chained (3 receipts) · PP9 prev_receipt_hash linkage
    INTACT · PP10 every receipt VERIFIED · PP11 σ-algebra node id recorded.
  • rosie — PP12 console pod Running · PP13 receipts surfaced for uav-7 ·
    PP14 replay view URL.
  • vessels — PP15 web pod Running · PP16 uav-7 marked REJECTED · PP17 fleet
    map URL.
  • provenance — PP18 deployed bundle is keyless-signed (cosign verify-blob).

Verification (CI-free, reproducible)

  • bash -n passes on both scripts.
  • python3 -m json.tool passes on all four fixtures.
  • DSSE spot-check: recomputing HMAC-SHA-256 over the canonical payload matches
    the stored signature; the tampered fixture fails verification (correct).

Scope

In-cluster scenario only. The UDS bundle / Zarf package build is owned by the
parallel Gap 1 effort (szl-uds-deployment, uds run start); this scenario
drives the already-deployed substrate and does not rebuild it. No module repos
touched — .github/docs/ only.

Real receipts, real DSSE signatures, real Lean reference (lutar-lean:
Lutar/PACBayes/CapabilityImprovementRate.lean@c4d1379568). No fake outputs.

Per UDS-bundle verification: only vessels ships a real signed Zarf package +
GHCR image, and szl-receipts ships a real Pepr admission policy + receipts
server. a11oy/amaru/sentra/rosie ship SBOMs only at uds-v0.3.0 (no images),
so they are NOT live cluster pods.

Revised the scenario to the REAL moving parts:
  workload (kubectl apply) -> Pepr szl-receipt-policy (admission webhook)
    -> DSSE HMAC-SHA-256 receipt -> szl-receipts-server /receipts
    -> kubectl annotations + cosign/HMAC verify  (tamper breaks it)

- Dropped the '5 modules running in real-time' framing.
- Fixtures now match the production receipt contract exactly
  (szl-receipt-on-deploy.ts): plain HMAC over payload bytes (no PAE wrapper),
  _type https://szlholdings.com/receipt/v1, demo key
  c3psLWRldi1kZW1vLWtleS0yMDI2LXdhcmhhY2tlcg==, keyid szl-dev-hmac-sha256-2026.
- Source talk track: szl-uds-deployment/docs/WARHACKER_DEMO.md.

Honest demo > theatrical demo. Doctrine V7 §10.

Signed-off-by: Stephen P. Lutar Jr. <stephenlutar2@gmail.com>
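The receipt contract described above (plain HMAC-SHA-256 over the canonical payload bytes with no PAE wrapper, payload type `https://szlholdings.com/receipt/v1`, keyid `szl-dev-hmac-sha256-2026`, the published demo key) together with the three-receipt chain and the tamper test, as an added worked example; this is not the PR's own scripts or fixtures. It assumes a linkage rule in which each receipt's `prev_receipt_hash` is the SHA-256 hex digest of the previous receipt's payload bytes, and the envelope field names (`payloadType`, `payload`, `signatures`) and the sample uav-7 events are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Receipt contract values as stated in the PR description.
PAYLOAD_TYPE = "https://szlholdings.com/receipt/v1"
KEY_ID = "szl-dev-hmac-sha256-2026"
DEMO_KEY_B64 = "c3psLWRldi1kZW1vLWtleS0yMDI2LXdhcmhhY2tlcg=="  # published demo key


def demo_key() -> bytes:
    """Decode the published base64 demo key into raw HMAC key bytes."""
    return base64.b64decode(DEMO_KEY_B64)


def canonical(payload: dict) -> bytes:
    """Canonical JSON (sorted keys, no whitespace) so signer and verifier see identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_receipt(payload: dict, key: bytes) -> dict:
    """Wrap a payload in a DSSE-style envelope; the HMAC is over the raw payload bytes (no PAE)."""
    body = canonical(payload)
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return {
        "payloadType": PAYLOAD_TYPE,
        "payload": base64.b64encode(body).decode(),
        "signatures": [{"keyid": KEY_ID, "sig": base64.b64encode(sig).decode()}],
    }


def receipt_hash(envelope: dict) -> str:
    """Assumed linkage rule: SHA-256 hex of the receipt's payload bytes."""
    return hashlib.sha256(base64.b64decode(envelope["payload"])).hexdigest()


def verify_envelope(envelope: dict, key: bytes) -> bool:
    """Recompute the HMAC over the stored payload bytes and compare in constant time."""
    if envelope.get("payloadType") != PAYLOAD_TYPE:
        return False
    body = base64.b64decode(envelope["payload"])
    expected = hmac.new(key, body, hashlib.sha256).digest()
    for entry in envelope.get("signatures", []):
        if entry.get("keyid") == KEY_ID and hmac.compare_digest(expected, base64.b64decode(entry["sig"])):
            return True
    return False


def build_chain(events: list, key: bytes) -> list:
    """Sign each event; prev_receipt_hash points at the previous receipt (None for the genesis receipt)."""
    chain, prev = [], None
    for event in events:
        envelope = sign_receipt(dict(event, prev_receipt_hash=prev), key)
        chain.append(envelope)
        prev = receipt_hash(envelope)
    return chain


def verify_chain(chain: list, key: bytes) -> list:
    """Per-receipt status: signature VERIFIED/FAILED and prev_receipt_hash linkage INTACT/BROKEN."""
    results, prev = [], None
    for index, envelope in enumerate(chain):
        payload = json.loads(base64.b64decode(envelope["payload"]))
        results.append({
            "index": index,
            "signature": "VERIFIED" if verify_envelope(envelope, key) else "FAILED",
            "linkage": "INTACT" if payload.get("prev_receipt_hash") == prev else "BROKEN",
        })
        prev = receipt_hash(envelope)  # the hash the *next* receipt must reference
    return results


def tamper(envelope: dict, field: str, value) -> dict:
    """Copy an envelope with one payload field rewritten, leaving the stored signature untouched."""
    payload = json.loads(base64.b64decode(envelope["payload"]))
    payload[field] = value
    tampered = dict(envelope)
    tampered["payload"] = base64.b64encode(canonical(payload)).decode()
    return tampered


# Constructed sample events for the drone-loses-contact scenario (illustrative values only).
SAMPLE_EVENTS = [
    {"actor": "uav-7", "event": "c2_link_lost", "verdict": "LOGGED"},
    {"actor": "uav-7", "event": "proposal:redirect", "zone": "unauthorized",
     "verdict": "REJECTED", "failing_axis": {"actorIdentity": 0.42, "threshold": 0.90}},
    {"actor": "uav-7", "event": "operator_notified", "verdict": "LOGGED"},
]


def run_scenario() -> tuple:
    """Verify the intact chain, then flip the rejected receipt's verdict and verify again."""
    key = demo_key()
    chain = build_chain(SAMPLE_EVENTS, key)
    intact = verify_chain(chain, key)
    tampered_chain = list(chain)
    tampered_chain[1] = tamper(chain[1], "verdict", "ACCEPTED")
    return intact, verify_chain(tampered_chain, key)


if __name__ == "__main__":
    before, after = run_scenario()
    for status in before + after:
        print(status)
```

Flipping the middle receipt's verdict produces two independent signals: that receipt's HMAC no longer matches (signature FAILED), and the following receipt's `prev_receipt_hash` no longer matches the recomputed hash (linkage BROKEN), which is the chain-break condition the tamper test expects rosie to flag. Note that the check uses `hmac.compare_digest` rather than `==` so verification time does not leak how many signature bytes matched.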
@stephenlutar2-hash stephenlutar2-hash force-pushed the perplexity/warhacker-scenario-2026-05-30 branch from 7fb7f14 to a9e0b64 Compare May 30, 2026 20:11
