feat: add governance-audit hook — threat detection for Copilot sessions

Add real-time governance audit hook that scans prompts for threat signals:
- 5 threat categories: data exfiltration, privilege escalation,
  system destruction, prompt injection, credential exposure
- 4 governance levels: open, standard, strict, locked
- Append-only JSON audit trail (logs/copilot/governance/audit.log)
- Session summary with threat counts at session end
- Privacy-aware: logs decisions and metadata, never prompt content

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

hooks/governance-audit/audit-session-start.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Governance Audit: Log session start with governance context
+
+set -euo pipefail
+
+if [[ "${SKIP_GOVERNANCE_AUDIT:-}" == "true" ]]; then
+  exit 0
+fi
+
+INPUT=$(cat)
+
+mkdir -p logs/copilot/governance
+
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+CWD=$(pwd)
+LEVEL="${GOVERNANCE_LEVEL:-standard}"
+
+jq -Rn \
+  --arg timestamp "$TIMESTAMP" \
+  --arg cwd "$CWD" \
+  --arg level "$LEVEL" \
+  '{"timestamp":$timestamp,"event":"session_start","governance_level":$level,"cwd":$cwd}' \
+  >> logs/copilot/governance/audit.log
+
+echo "🛡️ Governance audit active (level: $LEVEL)"
+exit 0