Complete WARDEN-WP-0012 routing scenario playbooks

Add platform-secret playbooks for issue-core ingestion, OpenRouter llm-connect,
object-storage STS, and database dynamic credentials. Extend the routing catalog
with draft entries and implement `warden route list --stale` for quarterly drift
review. Document the review cadence in AccessRouting and mark the workplan finished.

registry/routing/catalog.yaml

@@ -127,12 +127,45 @@ entries:
 
   # --- draft: owner path not yet shipped; hidden from default lookup ---
   - id: issue-core-ingestion-api-key
-    title: issue-core ingestion API key (OpenBao path TBD)
-    need_keywords: [issue-core, ingestion, api, key, openbao]
+    title: issue-core ingestion API key (OpenBao KV + ESO)
+    need_keywords: [issue-core, ingestion, api, key, openbao, issue_core_api_key, eso, external-secrets]
+    owner_repo: railiance-platform
+    subsystem: OpenBao + issue-core + activity-core
+    warden_executes: false
+    wiki_ref: wiki/playbooks/issue-core-ingestion-api-key.md#worker-checklist
+    canon_ref: net-kingdom/docs/platform-identity-security-architecture.md
+    reviewed: "2026-06-24"
+    status: draft
+
+  - id: openrouter-llm-connect
+    title: OpenRouter API key for llm-connect in activity-core
+    need_keywords: [openrouter, llm, llm-connect, api, key, activity-core, gemini, provider, openrouter_api_key]
+    owner_repo: railiance-platform
+    subsystem: OpenBao + activity-core
+    warden_executes: false
+    wiki_ref: wiki/playbooks/openrouter-llm-connect.md#worker-checklist
+    canon_ref: net-kingdom/docs/platform-identity-security-architecture.md
+    reviewed: "2026-06-24"
+    status: draft
+
+  - id: object-storage-sts
+    title: Object-storage STS / temporary S3 credentials
+    need_keywords: [s3, sts, object-storage, minio, artifact-store, temporary, credentials, bucket, vending]
+    owner_repo: net-kingdom
+    subsystem: flex-auth + OpenBao + artifact-store
+    warden_executes: false
+    wiki_ref: wiki/playbooks/object-storage-sts.md#worker-checklist
+    canon_ref: net-kingdom/docs/object-storage-sts-credential-vending.md
+    reviewed: "2026-06-24"
+    status: draft
+
+  - id: database-dynamic-credentials
+    title: Database dynamic credentials (OpenBao secrets engine)
+    need_keywords: [database, db, postgres, cnpg, dynamic, credentials, password, lease, openbao]
     owner_repo: railiance-platform
     subsystem: OpenBao
     warden_executes: false
-    wiki_ref: wiki/CredentialRouting.md#routing-table
+    wiki_ref: wiki/playbooks/database-dynamic-credentials.md#worker-checklist
     canon_ref: net-kingdom/docs/platform-identity-security-architecture.md
-    reviewed: "2026-06-18"
+    reviewed: "2026-06-24"
     status: draft