safety: certification roadmap, determinism proof, FMEA, safety case, MISRA config

Certification Roadmap (safety/certification_roadmap.md):
- 5-phase SEooC qualification path for IEC 61508 SIL 4 / ISO 26262 ASIL D
- Current state assessment with gap analysis
- MISRA C, MC/DC coverage, CBMC, formal verification timeline
- Evidence package contents for system integrators

Determinism Proof Test (tests/unit/test_arbiter_determinism/):
- 4 proof strategies: repeat-eval (10K iterations), fact write order
  independence, cross-seed consistency (100x100), re-init determinism
- Level 1 empirical evidence per certification roadmap

FMEA (safety/fmea.md):
- 10 failure modes analyzed: fact corruption, stale data, overflow,
  div-by-zero, model corruption, guard ordering, unbounded execution,
  dynamic allocation, callback failure, concurrent access
- Severity/detection ratings with mitigations and test references

Safety Case (safety/safety_case.md):
- GSN-structured argument with 4 strategies, 12 sub-goals, 26 evidence items
- Overall confidence: 0.72 with path to 0.90+

MISRA C (safety/misra_c_2012.cfg, misra_suppressions.txt):
- cppcheck MISRA addon configuration
- Clean suppression file (no deviations yet)

Also fixes uppercase ARBITER_ paths in REQUIREMENTS.md component references.

Co-Authored-By: Oz <oz-agent@warp.dev>

Author: tbitcs

.specsmith/ledger-chain.txt

@@ -1 +1,37 @@
 cab3c661cbde99ad47c9002ff5e9f357c1769f118cfa9b1dd55a00323c49da1f
+260e95483887839da670b7f8ee0341331e85cd26e98150d081d0fe5a8f5efec4
+a27fae6cd64b978f376192fb9c46ae3072e8ad26d242dcd827a7ef7a6dce0d3c
+39404b8a4f9cde98ac9f2d405e98d52d7251ad8817f5c171c704331e2daa6fee
+fce860d44fd7bd0213d2b71868268f1782bbdac26e0857b906bf28337e33314e
+dd62eea5b2d381856d79e422805ba1b3480db21313b1f42e2dde23dc12c60868
+a601c4b4b9bd847235c05f7a8234951d6cee1c8d948ea63f48cbcae3f70100ee
+33d9e9d768c8a63751669f7886bd8183d4e8a3727fb049bfc1cf8f15543452b2
+24d083fa23cea00af6614b73efaef5b779e6c218e2ace9db46eb5c01c98c4deb
+8287c9b697961325df345962971c316d461b4c2ba690edd4172470c7c9e9f8d7
+25222819bd3fd6ef219309d0be546007c72d1396df174259dc2fb7a5df18343f
+71d98b8db889375f40490bea9be77fa5fdeecf6e76bfcf12829a4961e20f31a6
+262167e2e173ddee42a3e9431218bb298fcb382028fba9ecc88fd1514ecbec6a
+4abb7e56fb2bfa6e0ed2e2424fec7399b5a4ca7441221dc8a405cb04b43da8bc
+5f3cc7fbbb7e49734bdc24d564b10e419618b2fdb20cb49ae4f3cb33836765e1
+f951fa37286e7615bce9b17976e91b057d9ad4d63f5adca8c314074545f3cf88
+81cccc74a98acb210350e3ffccc1cea375616969be393143c3804eaed0deb41b
+6f1fd22b998c2795a280e90b11b37f436e4fbce4eccd482b7f0dd756d3fd034e
+1c87f8259586eb1b2238eb8b7d1ed0c3e07dafeccce124567a2276b2635db868
+182e67f00ddd3d2ee7cc638f778586b9529c57c250128b79c52970034065e701
+702ce2473b15d9467da438edacf05c53f90f141e3599b0bb8d51f798a7874ba7
+5a24bb25dde3e4b38de2722f2f7682378f1cc4a6fde596db4f755161a192c7b7
+303ec58f619cc79e33b631d17220c223c4967dd52f00f96eb43f8c1e77a6813d
+e57a57ed5f05dd806918875fddaa3b378ad8395e36d240085523caba34f0b05b
+b7a49043ed2cf71f7d9b5cc8bbd76b1672be3b001156daa8821be61bd9bb43ce
+15a8138daa0496b4a6c5063322e119e48d0976c6b3a5bf424ba2b7ca4d304f02
+ee2bb6718e730373aca1878be1f865fc2a83bd5b79cb4beee7a9c60b32bb54c6
+44f9933c9d387a0dcd6ac50c297eeeb4804a1644c85f52b4b146d9a9a2084c0f
+a2c7514ffce939e62da66e41a99eb1daa279b22f963675ff7dd06ff6defc7367
+5724209a893af5fa85df7e9612a9ca91949a5ce35fcf7b284852fae69fcc559e
+7876be9a6bd9261b96606ab4bb32d64c6b0b0e6bbd6fffd377ab39d471a83b1f
+6f891faca2a4d03d13cdc0d1bb9e712fda30cdd63d7eb5c6fcc682be20505a8b
+36972e9fde28ffaccf09d28bf753dcfec7a87e5f81f5553dce3fe02519329ea6
+0ecad47a937f93f6ee7981bcbcf026baaceeaae55a785aced87fb46c21a1293e
+ca42124cb56eade5ea6262ac28dc68824d4333141a0a87f1be9f50efffe37617
+15ec9c182dac2256743599464cfa6a970b556ca5d9fa0655f079b0aa1b4b2d3d
+93b3525850de7bfd3e044b60b3a90ce069e1a286b5cd6044ca23e9e1d29a3eeb