bastion.toml manifest parser with variable validation and dependency
declarations. Declarative compliance policy schema with per-platform
check implementations. Template loader with variable substitution
(Bastion-owned files only — never touches Ansible/Terraform).
PolicyRegistry and AccordRegistry with builtin fallbacks.
BOUNDARY: loader never touches automation framework files.
Signed-off-by: Tyler King <tking@guildhouse.dev>
