Add 'gsh corpus' org-ops module with install/list/verify/remove
subcommands. Orchestrates existing package managers and wraps each
installation with Corpus attestation:
- Resolves package source (apt, dnf, direct, auto-stub)
- Downloads via existing package manager
- Computes CID (SHA-256) and generates SBOM (syft or SPDX stub)
- Infers ShellGovernance (shell class, tier, delegation context)
from known binary classifications
- Creates CorpusEntry CRD via kubectl apply
- Places binary in governed path (/governed/app/bin or system/bin)
corpus verify: checks on-disk binary hashes against manifest CIDs
corpus list: kubectl get corpusentries
corpus remove: kubectl delete corpusentry
8 unit tests for inference logic and SBOM generation.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
7380b834d1