fix: identity discovery uses spoofable process-tree heuristics, not SO_PEERCRED #24

@manzil-infinity180

Summary

Documentation claims agent identity is derived via SO_PEERCRED/LOCAL_PEERCRED kernel-level attestation. The implementation uses os.Getppid() + ps commands + strings.Contains(cmd, "claude") to walk the process tree. No socket peer credentials are used anywhere.

Evidence

  • internal/identity/discover.go:38 strings.Contains(cmd, "claude") || strings.Contains(cmd, "node")
  • internal/mcp/server.go — uses server.ServeStdio() and http.ListenAndServe(), no Unix domain sockets
  • DiscoverFromMCPSocket() is misleadingly named — calls os.Getppid(), not socket credentials
  • 4 doc sources claim SO_PEERCRED/LOCAL_PEERCRED: docs/concepts/identity.md, docs/reference/specification.md
  • Existing security tests (R3-313, R3-315) already confirm process detection is spoofable

Impact

  • Severity: high
  • Affected components: internal/identity/, MCP server, all identity-based policy decisions
  • A malicious process named "claude" or injected into the process tree can spoof agent identity

Reproduction

  1. Create a binary named claude that spawns aflock
  2. aflock discovers the fake binary as the agent
  3. Identity hash reflects the spoofed binary, not the real agent

Expected Behavior

Use SO_PEERCRED (Linux) / LOCAL_PEERCRED (macOS) for Unix socket connections. Update docs to accurately describe the current heuristic as best-effort for non-socket modes.

Suggested Direction

  • Implement Unix domain socket transport for MCP with peer credential extraction
  • Add binary hash verification as supplementary identity signal
  • Update docs to distinguish kernel-attested vs heuristic identity modes

References

  • SPIFFE spec: workload attestation via kernel mechanisms
  • docs/concepts/identity.md — claimed SO_PEERCRED usage

Metadata

Labels

bug (Something isn't working), security (Security vulnerability or concern)
