FLEX-WP-0006: implement ops-warden signing gate policy

examples/ops-warden/check_request_allow_atm.json

@@ -0,0 +1,22 @@
+{
+  "id": "check:ops-warden-backup-automation-atm",
+  "tenant": "tenant:platform",
+  "subject": {
+    "id": "backup-automation",
+    "type": "atm"
+  },
+  "action": "sign",
+  "resource": {
+    "id": "ssh-cert:actor/backup-automation",
+    "type": "ssh-certificate",
+    "system": "ops-warden"
+  },
+  "context": {
+    "principals": [
+      "backup"
+    ],
+    "actor_type": "atm",
+    "ttl_hours": 1,
+    "pubkey_fingerprint": "SHA256:example-atm-fingerprint"
+  }
+}