Implement SAND-WP-0002 meta-framework foundation (T01–T09)

Add meta-framework spec, pydantic schemas, profile/extension YAML, extension
registry, ext.compose-ssh backend, SandboxManager with State Hub events, CLI
commands, integration docs, capability registry entry, and compose-e2e runbook.
Nine unit tests pass. T10 remote smoke test remains for operator.

extensions/ext.compose-ssh.yaml

@@ -0,0 +1,16 @@
+id: ext.compose-ssh
+title: Compose over SSH
+description: >
+  Self-hosted extension migrated from the-custodian/e2e-framework. Provisions an
+  isolated directory on a remote host, rsyncs the consumer repo, and runs docker
+  compose. Test execution and health polling are consumer-owned (wise-validator).
+handler: sandboxer.extensions.compose_ssh:ComposeSSHExtension
+capabilities:
+  isolation_levels: [container]
+  regions: []
+  persistence: false
+  pricing_model: self-hosted
+config:
+  base_dir: /tmp/sandboxer
+  ssh_user: root
+  compose_timeout_s: 180