FLEX-WP-0006: implement ops-warden signing gate policy

examples/ops-warden/check_request_allow_adm.json

@@ -0,0 +1,23 @@
+{
+  "id": "check:ops-warden-platform-steward-adm",
+  "tenant": "tenant:platform",
+  "subject": {
+    "id": "platform-steward",
+    "type": "adm"
+  },
+  "action": "sign",
+  "resource": {
+    "id": "ssh-cert:actor/platform-steward",
+    "type": "ssh-certificate",
+    "system": "ops-warden"
+  },
+  "context": {
+    "principals": [
+      "platform",
+      "root"
+    ],
+    "actor_type": "adm",
+    "ttl_hours": 4,
+    "pubkey_fingerprint": "SHA256:example-adm-fingerprint"
+  }
+}