docs(platform): add policy configs, runbooks, ops scripts and platform documentation

Config policies (16 files): alert_routing, architecture_pressure, backlog,
cost_weights, data_governance, incident_escalation, incident_intelligence,
network_allowlist, nodes_registry, observability_sources, rbac_tools_matrix,
release_gate, risk_attribution, risk_policy, slo_policy, tool_limits, tools_rollout

Ops (22 files): Caddyfile, calendar compose, grafana voice dashboard,
deployments/incidents logs, runbooks for alerts/audit/backlog/incidents/sofiia/voice,
cron jobs, scripts (alert_triage, audit_cleanup, migrate_*, governance, schedule),
task_registry, voice alerts/ha/latency/policy

Docs (30+ files): HUMANIZED_STEPAN v2.7-v3 changelogs and runbooks,
NODA1/NODA2 status and setup, audit index and traces, backlog, incident,
supervisor, tools, voice, opencode, release, risk, aistalk, spacebot

Made-with: Cursor

ops/scripts/rotate_sofiia_keys.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+ENV_FILE="${ROOT_DIR}/.env"
+COMPOSE_FILE="${ROOT_DIR}/docker-compose.node2-sofiia.yml"
+
+if [[ ! -f "${ENV_FILE}" ]]; then
+  echo "Missing .env: ${ENV_FILE}" >&2
+  exit 1
+fi
+
+NEW_KEY="$(openssl rand -hex 24)"
+
+if grep -q '^SOFIIA_CONSOLE_API_KEY=' "${ENV_FILE}"; then
+  sed -i '' "s/^SOFIIA_CONSOLE_API_KEY=.*/SOFIIA_CONSOLE_API_KEY=${NEW_KEY}/" "${ENV_FILE}"
+else
+  printf '\nSOFIIA_CONSOLE_API_KEY=%s\n' "${NEW_KEY}" >> "${ENV_FILE}"
+fi
+
+if grep -q '^SUPERVISOR_API_KEY=' "${ENV_FILE}"; then
+  sed -i '' "s/^SUPERVISOR_API_KEY=.*/SUPERVISOR_API_KEY=${NEW_KEY}/" "${ENV_FILE}"
+else
+  printf 'SUPERVISOR_API_KEY=%s\n' "${NEW_KEY}" >> "${ENV_FILE}"
+fi
+
+docker compose -f "${COMPOSE_FILE}" up -d sofiia-console router >/dev/null
+
+echo "Sofiia keys rotated and services restarted."
+echo "Use this API key for X-API-Key header:"
+echo "${NEW_KEY}"