Add Fedora Atomic SkillManifests for software lanes (Flathub/Toolbox/rpm-ostree)

[mdheller]

Codifies Fedora Atomic software supply lanes as typed capabilities (SkillManifests) under skills/.

Adds:

• SkillManifests + entry docs + helper scripts:
  • fedora-atomic.flathub-remote-add
  • fedora-atomic.toolbox-bootstrap
  • fedora-atomic.rpm-ostree-layering (reviewMode=true; allowShellExecution=false)
• Placeholder policy notes referenced by SkillManifests:
  • urn:srcos:policy:socios.optin.signed-intent
  • urn:srcos:policy:host.mutation.requires.review

Notes:

• This is a first pass to establish the GitHub topology and typed manifests; enforcement/evaluation wiring is follow-on work.
• socios remains opt-in by design.

[mdheller]

Added typed Policy JSON artifacts (specVersion 2.0.0) aligned to SourceOS Typed Contracts:

• policies/socios.optin.signed-intent.json (CEL condition requires context.signedIntent==true)
• policies/host.mutation.requires.review.json (CEL condition requires reviewApproved && rollbackPlanPresent)
  These correspond to the URNs referenced by the Fedora Atomic SkillManifests and replace the earlier markdown-only placeholders.

[mdheller]

Could not update existing policies/README.md via contents API because it requires the current file sha (422). Added policies/POLICIES.md instead as the typed-policy overview. Follow-on: either fetch sha + update, or do blob/tree/commit plumbing if we want to replace README cleanly.