Track ATSA-compatible drift baseline anchors

Interlock should support binding MCP tool baselines to verified admission-layer identity anchors such as:

(verified_server_id, pinned_signer_key, tool_name)

This lets Interlock compose with admission-layer trust systems like ATSA while keeping drift detection, quarantine, runtime policy, and audit evidence inside the runtime layer.