Add analytics license seat roster guard

[taherdhanera]

/claim #20

Summary

• Adds a distinct analytics-license-seat-roster-guard/ Revenue Infrastructure slice for issue Revenue Infrastructure #20.
• Reconciles named analytics dashboard, viewer, and API seats against contracted entitlements before renewal or true-up billing.
• Detects unapproved dashboard overage, external-domain access, expired temporary access, inactive paid seats, API usage from non-API seats, duplicate named seats, and finance-ready remediation actions.
• Emits deterministic JSON, Markdown, SVG, and WebM review artifacts from synthetic data.

Non-overlap

This is not another generic billing ledger, usage metering, payment webhook/failover, procurement, collections, storage overage, trial/promotion, account-transfer, prepaid credit, or analytics API usage module. It focuses specifically on named-seat roster leakage before analytics-license renewal or true-up.

Validation

• npm run check -> passed
• npm test -> analytics-license-seat-roster-guard tests passed
• npm run demo -> generated reports/summary.json, reports/reviewer-packet.md, and reports/summary.svg
• npm run demo:video -> generated reports/demo.webm
• WebM artifact check -> reports/demo.webm exists, 11202 bytes, EBML signature 1a45dfa3
• git diff --check -> passed
• git diff --cached --check -> passed

Synthetic data only. No credentials, private customer data, payment processor calls, bank/ACH/wallet actions, Stripe, PayPal, ERP, SSO, SCIM, analytics provider APIs, or live billing systems are used by the module.

AI-assisted with OpenAI Codex; I reviewed and locally verified the diff before submitting.