Add project break-glass access guard

[ethanmillerinvestments-code]

Summary

• Adds a dependency-free project break-glass access and post-access review guard for User & Project Management.
• Evaluates emergency owner/admin access requests for locked or time-sensitive scientific workspaces using role, reason-code, MFA freshness, least-privilege scope, expiry, protected data class, sponsorship, audit receipt, and post-access review gates.
• Emits decisions for approved, approve-with-review, steward-review, and denied requests.
• Includes JSON, Markdown, SVG, and MP4 reviewer artifacts.

Non-overlap

This targets temporary break-glass emergency access and mandatory post-access review. It does not implement a broad workspace/RBAC ledger, privacy access review, member lifecycle/offboarding flow, institutional recertification module, anonymous-review escrow, identity merge/export, data-room consent ledger, researcher profile sync, archive handoff, access-audit anomaly monitor, role delegation guard, invitation-domain/MFA guard, funding-attribution guard, service-token governance module, or deletion/erasure guard.

Validation

• npm run check
• npm test
• npm run demo
• ffprobe -v error -show_entries format=duration,size -show_entries stream=codec_name,width,height,pix_fmt -of default=noprint_wrappers=1 reports/demo.mp4
• git diff --check
• git diff --cached --check

/claim #11

[ethanmillerinvestments-code]

/claim #11