Harden v1.1.0 trust posture and docs; realistic receipts and TOC move

[GsCommand]

Motivation

• Remove trust and documentation contradictions around the v1.1.0 working line so the repository does not overclaim external pinning or signatures.
• Align normative language and examples with the actual in-repo state to prevent implementers from relying on unrealistic example evidence.
• Simplify onboarding and navigation so validation guidance and the Table of Contents are clear and discoverable.
• Preserve existing schema semantics while making provenance language honest and consistent across docs.

Description

• Clarify release provenance and working-line wording: convert v1.1.0 references to a "current working line" where schemas_cid is PENDING, and preserve v1.0.0 as the last externally pinned release by updating manifest.json, README.md, SPEC.md, GOVERNANCE.md, and package.json.
• Relax SPEC §7 wording so $id values remain the canonical HTTPS namespace but live HTTPS resolution is described as a SHOULD (future-facing) rather than an existing guarantee, and require validation against the shipped schema files for claimed compatibility (SPEC.md).
• Make agent semantics explicit and consistent: remove agent from the default success shape in docs, add a note that agent MAY be present, and adjust examples so some valid error receipts omit agent to teach its optional nature (SPEC.md, README.md, multiple examples/v1.1.0/commons/* files).
• Replace toy placeholder evidence in v1.1.0 examples with realistic-looking digest/CID/signature-shaped values and update TypeScript example comments to show these are format-realistic illustrative evidence; add a fixture note that such examples are illustrative unless paired with exact payload artifacts (examples/*, ONBOARDING.md, README.md).
• Improve onboarding accuracy by documenting that npm run validate is the aggregate command (it includes validate:examples) and that validate:examples is only needed for an examples-only loop (ONBOARDING.md).
• Clarify the governance footer is a plain-text steward declaration and not a cryptographic signature (GOVERNANCE.md).
• No structural schema or validation-script semantics were changed; the repo already lacked a validate:schema dead alias and CHANGELOG.md already contains a 1.0.0 entry, so those items were intentionally left unchanged.
• Key files changed: README.md, SPEC.md, GOVERNANCE.md, ONBOARDING.md, manifest.json, package.json, and multiple examples/v1.1.0/commons/* JSON/TS fixtures (36 files changed in this pass).

Testing

• Ran npm install successfully to ensure dev deps are present.
• Ran the aggregate validation npm run validate which compiled all schemas (✅ All 45 schemas compiled successfully.) and validated example fixtures for v1.0.0 and v1.1.0, completing with a successful summary.
• Verified artifact integrity with npm run checksums:verify, which reported OK for the shipped schema files.
• Performed a smoke import test with npm run test:smoke:import which succeeded (✅ Imported package entrypoint successfully with 20 exports.).

---

Codex Task