Polish release-facing wording and tighten checksum/derivative verification (v1.1.0)

[GsCommand]

Motivation

• Improve first impression and reviewer trust for the v1.1.0 repository line by making release, checksum, and discovery language consistent and protocol-grade without changing the release model.
• Make reproducibility claims explicit by separating canonical root checksum coverage from derivative dist-pin/ verification so reviewers can independently verify sources.

Description

• Tightened release and authority wording across README, SPEC, CHANGELOG, ONBOARDING, and POLICY to consistently treat root agents/v1.1.0/, meta/, .well-known/, and schemas/v1.1.0/ as canonical while describing v1.1.0 as a release-candidate repository line pending validate:release and external binding confirmation.
• Clarified checksum and reproducibility model by explicitly framing checksums.txt as the canonical checksum record for the root release surfaces and describing dist-pin/agent-cards/v1.1.0/ as a committed derivative bundle that must be verified by rebuild; added matching manifest keys describing derivative verification and checksum scope.
• Harmonized JSON discovery/registry metadata by updating .well-known/*.json and meta/*-agent.json descriptions to use the same "repository line" phrasing and adjusted meta/manifest.json fields (checksums.covers, derivative_verification, surface_roles, and publication.checksum_scope) to reflect the clarified model.
• Fixed small spec/README gaps (added missing commercial source/mirror pattern lines, renumbered headers in SPEC.md for clarity), regenerated checksums.txt, and rebuilt the committed dist-pin/agent-cards/v1.1.0/ bundle so in-repo artifacts match the edited root files.

Testing

• Ran lightweight JSON sanity check with node -e "JSON.parse(require('fs').readFileSync('meta/manifest.json','utf8')); JSON.parse(require('fs').readFileSync('.well-known/agent.json','utf8')); JSON.parse(require('fs').readFileSync('.well-known/agent-cards-v1.1.0.json','utf8')); JSON.parse(require('fs').readFileSync('meta/commons-agent.json','utf8')); JSON.parse(require('fs').readFileSync('meta/commercial-agent.json','utf8')); console.log('json ok')" (success).
• Ran repository validation npm run validate which completed successfully after regenerating checksums with node scripts/generate-checksums.mjs (success).
• Rebuilt the derivative publish bundle with node scripts/build-dist-pin.mjs and re-ran npm run validate:release; derivative-bundle verification matched a fresh build (success) but full external schema URL resolution failed in this environment (external fetch failures), so publish-scoped mirror resolution remains outstanding (partial success: local + bundle verification OK; external network resolution failed).

---

Codex Task