[codex] add deployment orchestrator with 5-phase safety gates

[jkausel-ai]

What changed

This PR adds the deployment orchestrator workflow and supporting runtime pieces for the 5-phase flow:
GATE CHECK -> DISPATCH -> STAGING DEPLOY -> VERIFY -> PRODUCTION PROMOTE.

It includes:

• deployment orchestrator skill and registration
• deployment coordinator prompts, worker factory, and state machine
• deployment feature gates, checkpoint storage, and metrics collector
• deployment coordinator tests and mocks
• a version-controlled security audit record in docs/SECURITY-AUDIT-2026-04-01.md

Why it changed

The repository needed a production-shaped deployment orchestration path with explicit safety gates, resumability, and measurable verification instead of ad hoc rollout behavior.

The security audit document was also moved into the codebase so the findings and remediation context are preserved with the product history.

Impact

Developers now have a structured deployment orchestration slice with:

• typed deployment models
• checkpoint-based resume support
• feature-gated rollout behavior
• metrics regression detection hooks
• integration and service-level test coverage

Validation

Ran:

• npx tsx --test tests/coordinator/deployment/*.test.ts

Result:

• 12 tests passed

Notes

• The local checkout still has unrelated untracked working-note files that were intentionally not included in this PR.
• Earlier direct push to upstream main was not permitted for the current account, so this PR comes from the fork branch.