docs: add DPA template + move sprint-s1 history out of public repo #25
Merged
Two findings from the post-merge 4-eyes audit (3 expert agents: PM,
Business, Security). Both surgical — no code changes.
1. NEW docs/dpa-template.md (Article 28 GDPR skeleton)
The Compliance-Edition pitch in /enterprise and COMMERCIAL-LICENSE.md
promises a "DPA template" inclusive in every tier. Until now, no such
file lived in the repo — a procurement reviewer asking "send the DPA
template" got nothing back. Business-Agent flagged this as a HIGH
liability and trust gap before first customer.
The new docs/dpa-template.md is a 12-section Art. 28 GDPR skeleton with
bracketed placeholders that get filled in the pilot conversation:
parties, subject matter, nature of processing, data subjects + data
categories, audit log + integrity attestation, sub-processors
(cross-links existing docs/sub-processors.md), TOMs (cross-links
security/threat-model/patch-policy/incident-response/release-signing),
the controller's instructions and rights, breach notification (72 h),
return/deletion at end, liability, governing law (Hamburg). The
finalisation note describes the contact path (legal@filemorph.io) and
turnaround.
This is published as a template — not a binding contract — so a
reviewer can read the substance before requesting a signed instance.
The wording matches the existing /enterprise template language ("DPA
template in pilot conversation"), so the public claim is now backed by
a public artefact.
2. REMOVE docs/sprint-s1-technology-first.md (moved to docs-internal/)
PM-Agent + Business-Agent both flagged this as sprint-internal history
unsuitable for the public repo. The file lists S1 commit SHAs with
internal rationale ("our 2 GB output cap would have OOM-killed a
small-RAM server", "we audited as one batch before push") — useful when
reviewing historical engineering decisions, not useful for self-hosters
or compliance reviewers. Self-host onboarding lives in README +
docs/installation.md + docs/self-hosting.md, not in this sprint recap.
The file is preserved locally under docs-internal/sprint-history/
(gitignored, intentionally outside the public repo). Per the security
audit's recommendation, no force-push or filter-repo: the historical
content remains retrievable via git log on this commit, which matches
the project's transparency posture (git history is a feature, not a
liability, for a Compliance-Edition product whose customers audit
provenance).
What this PR does NOT touch (deferred):
- .github/workflows/notify-ops.yml — moving requires coordinated change
  in MrChengLen/filemorph-ops (set up reverse polling first), then
  delete here; otherwise a deploy gap opens. Tracked for a follow-up
  PR that includes both sides.
- enterprise.html / COMMERCIAL-LICENSE.md claims-audit — three
  promise/reality wording fixes need legal review before commit
  (Business-Agent recommendation). Tracked for PR-Audit-Claims-1.
- .env.example sectioning + Phase 2/3 of the post-audit plan — separate
  PRs to keep diffs reviewable.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>