Implement credential change request review flow

docs/credential-change-approval.md

@@ -137,18 +137,21 @@ Version 1 should be boring:
 - prompt or delegate separately for secret value entry;
 - record non-secret evidence in State Hub.
 
-The CLI shape can be:
+The first implemented CLI slice is:
 
 ```bash
-scripts/credential-change.py propose workload-kv ...
-scripts/credential-change.py render CCR-YYYY-NNNN
-scripts/credential-change.py approve CCR-YYYY-NNNN --comment "..."
-scripts/credential-change.py deny CCR-YYYY-NNNN --comment "..."
-scripts/credential-change.py apply CCR-YYYY-NNNN
-scripts/credential-change.py verify CCR-YYYY-NNNN
-scripts/credential-change.py deactivate CCR-YYYY-NNNN --reason "..."
+make credential-change-validate
+make credential-change-render CREDENTIAL_CHANGE=CCR-2026-0001
+make credential-change-plan CREDENTIAL_CHANGE=CCR-2026-0001
+scripts/credential-change.py approve CCR-2026-0001 --reviewer <name> --comment "..."
+scripts/credential-change.py deny CCR-2026-0001 --reviewer <name> --comment "..."
+scripts/credential-change.py needs-changes CCR-2026-0001 --reviewer <name> --comment "..."
+make credential-change-apply-plan CREDENTIAL_CHANGE=CCR-2026-0001
 ```
 
+`apply-plan` is intentionally guarded: it refuses anything not approved and
+refuses unconfirmed auth bindings.
+
 The same operations can be exposed through chat by having the agent create the
 proposal, show the rendered summary, then call the CLI only after the human
 gives an explicit approval phrase.