This repository was archived by the owner on Apr 12, 2026. It is now read-only.

feat: preflight CLI check — intent-layer governance before agent execution #1521

@jpleva91

Context

Microsoft AGT validates the preflight/intent governance layer. AgentGuard owns the execution firewall. The winning product does both. See docs/strategy/dual-layer-governance-strategy.md.

Proposal

Add agentguard preflight <task> command to the kernel:

  1. Takes a task description + reads policy from agentguard.yaml
  2. Evaluates intent against preflight_rules (scope, capabilities, risk level)
  3. Returns ALLOW / WARN / DENY with human-readable reasons
  4. Runs BEFORE the agent starts, steering it toward safe actions

Policy format addition

preflight_rules:
  - scope: ["/src/**", "/tests/**"]
    capabilities: [filesystem.read, filesystem.write]
    risk: low
    action: allow
  - scope: ["/etc/**", "/usr/**"]
    capabilities: [filesystem.write]
    risk: high
    action: deny
  - pattern: "rm -rf *"
    risk: critical
    action: deny

Why Now

  • May 6 Copilot CLI talk needs both layers demonstrated live
  • Microsoft AGT dropped Apr 2 — category is validated, we need to cover both layers
  • ~500 lines of Go, 2-week build

Demo flow

  1. Preflight: "Task requires writes to /src/auth/ — ALLOWED"
  2. Agent runs, generates dangerous command
  3. Execution firewall blocks it
  4. "Intent layer said OK. Execution layer caught the risk."

Closes the gap between preflight (what agent SHOULD do) and kernel (what agent CAN do).
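A sketch of the evaluation step proposed above, added here as an example; it is not AgentGuard's code. The `Rule` type, the `Preflight` signature, deny-overrides-allow, default deny for paths no rule covers, and treating a trailing `*` in `pattern` as "anything follows" are all assumptions, and the rules are embedded rather than read from agentguard.yaml.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Rule mirrors one preflight_rules entry; Caps is a set of capability names.
type Rule struct {
	Scope                 []string
	Caps                  map[string]bool
	Pattern, Risk, Action string
}
// Constructed from the policy sample in the issue (not loaded from agentguard.yaml).
var rules = []Rule{
	{Scope: []string{"/src/**", "/tests/**"}, Caps: map[string]bool{"filesystem.read": true, "filesystem.write": true}, Risk: "low", Action: "allow"},
	{Scope: []string{"/etc/**", "/usr/**"}, Caps: map[string]bool{"filesystem.write": true}, Risk: "high", Action: "deny"},
	{Pattern: "rm -rf *", Risk: "critical", Action: "deny"},
}

// Preflight (assumed semantics): deny overrides allow; a path no rule covers is denied.
func Preflight(paths []string, capability, command string) (string, []string) {
	decision, reasons := "ALLOW", []string{}
	for _, r := range rules { // a trailing * in a pattern means "anything follows"
		if r.Pattern != "" && strings.Contains(command, strings.TrimSuffix(r.Pattern, "*")) {
			decision, reasons = "DENY", append(reasons, "command matches "+r.Risk+" pattern")
		}
	}
	for _, raw := range paths {
		p, verdict := path.Clean("/"+raw), "default deny" // "/src/../etc/x" is judged as "/etc/x"
		for _, r := range rules {
			for _, g := range r.Scope {
				root := strings.TrimSuffix(g, "/**")
				if r.Caps[capability] && verdict != "deny" && (p == root || strings.HasPrefix(p, root+"/")) {
					verdict = r.Action
				}
			}
		}
		if verdict != "allow" {
			decision = "DENY"
		}
		reasons = append(reasons, fmt.Sprintf("%s on %s: %s", capability, p, verdict))
	}
	return decision, reasons
}

func main() {
	fmt.Println(Preflight([]string{"/src/../etc/passwd"}, "filesystem.write", ""))
}
```

Without the `path.Clean` step, a prefix match on `/src/` would allow the traversal path in `main`, which is why normalisation comes before scope matching.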

Labels: agent:claimed (Agent dispatched — do not re-dispatch), enhancement (New feature or request), sprint (Current sprint priority)