feat: emit canonical runtime-core receipts in agent-sdk

[GsCommand]

Motivation

• Replace the SDK's local ad-hoc receipt signing with the canonical signing flow from @commandlayer/runtime-core so emitted receipts follow the CommandLayer canonical proof envelope.
• Stop emitting legacy proof fields (legacy canonical, alg, signature, signer_id, kid, signature_b64, hash_sha256) and unify on the canonical envelope (proof.canonicalization, proof.hash.*, proof.signature.*).
• Preserve the existing public CommandLayer.wrap() surface and config compatibility (privateKeyPem, deprecated privateKey alias, keyId mapped to runtime-core kid, and signer/agent) to minimize breaking changes.

Description

• Added @commandlayer/runtime-core dependency in package.json and updated createReceipt to call signCommandLayerReceipt(...) from runtime-core instead of performing local Ed25519 signing.
• Updated src/receipt.ts to use CommandLayerReceipt<ReceiptInput> as the Receipt type and accept runtime-core CommandLayerCanonicalization for canonicalization.
• Rewrote the receipt schema src/schemas.trust-receipt-v1.json to require the canonical proof envelope fields proof.canonicalization, proof.hash.alg/value, and proof.signature.alg/value/kid, and removed legacy proof keys from the schema.
• Updated tests in test/receipt.test.ts and test/trust.test.ts to assert the canonical proof envelope, to use verifyCommandLayerReceipt(...) for local verification/tamper checks, and to stop depending on legacy proof fields.
• Adjusted example output in examples/full-demo.ts and README wording to reference the canonical proof envelope instead of legacy proof fields.
• Files changed include package.json, src/receipt.ts, src/schemas.trust-receipt-v1.json, test/receipt.test.ts, test/trust.test.ts, examples/full-demo.ts, and README.md.

Testing

• Attempted npm install but it failed in the current environment with 403 Forbidden when fetching registry packages, so new dependency installation could not complete.
• Attempted npm run build and npm test but both failed in this environment due to missing dependencies/type declarations stemming from the blocked npm install, so tests could not be executed end-to-end here.
• Unit tests were updated to assert canonical proof fields and to call verifyCommandLayerReceipt(...) for validity and tamper checks, but those updated tests were not run successfully in this environment due to the install/build failures.
• Recommendation: run npm install && npm run build && npm test in CI or a development environment with registry access to validate the runtime-core integration and confirm all tests pass.

---

Codex Task