feat(3.0.0): Algorithm Cards per UAPF v2.3.0 chapter 13

Wrap the three opaque UAPF-IP capabilities (ai.redact@1, ai.extract@1,
event.emit@1) in Algorithm Cards under algorithms/, per UAPF v2.3.0
chapter 13. Each Card supplies intent, IO contract, ownership,
validation history, risk class, audit configuration, and (where
relevant) privacy/risk extensions. Cards are referenced from resource
targets in resources/mappings.yaml.

Changes:
- NEW algorithms/pii_redactor.card.yaml — deterministic redactor
- NEW algorithms/vdvc_semantic_extractor.card.yaml — stochastic LLM
  extractor, EU AI Act high-risk, human oversight mandatory
- NEW algorithms/completion_event_emitter.card.yaml — deterministic
  CloudEvents 1.0 emitter
- uapf.yaml + manifest.json: version 2.0.0 -> 3.0.0,
  + paths.algorithms, + algorithm_cards: true
- resources/mappings.yaml: single agent.semantic-extractor target
  split into 3 algorithm-specific targets, each w/ algorithm_card ref
- bpmn/: UNCHANGED (algorithm-card refs live on resource targets,
  not in BPMN — no extension elements required)
- Removed provides_decisions from manifest (was not in SSOT manifest
  schema; DMN decisions are self-describing via the dmn/ cornerstone)
- README rewritten with algorithm-card audit-question table

manifest.json

@@ -2,9 +2,18 @@
   "kind": "uapf.package",
   "id": "dev.uapf.semantic-document-analysis",
   "name": "Semantic Document Analysis",
-  "description": "Level-4 UAPF process for semantic analysis of free-text documents.\n\nThree BPMN service tasks invoke the UAPF-IP capabilities ai.redact@1,\nai.extract@1 and event.emit@1. Three DMN decision tables encode the\ndeterministic algorithm the host previously hid inside application\ncode: assess-personal-data-risk maps PII regex signals to a risk\nlevel; gdpr-processing-route selects CENTRAL vs LOCAL processing,\nanonymisation and redaction level; human-validation-gate applies the\nconfidence thresholds that decide REJECTED / PENDING_REVIEW /\nAPPROVED_AUTO.\n\nOnly the semantic extraction is a model step. Risk classification,\nGDPR routing and the validation gate are explicit ranked rules in\nversioned DMN \u2014 inspectable, auditable, portable. Extraction output\nvalidates against the VDVC v1.1 semantic-summary JSON Schema.\n",
+  "description": "Level-4 UAPF process for semantic analysis of free-text documents.\n\nThree BPMN service tasks invoke the UAPF-IP capabilities ai.redact@1,\nai.extract@1 and event.emit@1. Three DMN decision tables encode the\ndeterministic algorithm the host previously hid inside application\ncode: assess-personal-data-risk maps PII regex signals to a risk\nlevel; gdpr-processing-route selects CENTRAL vs LOCAL processing,\nanonymisation and redaction level; human-validation-gate applies the\nconfidence thresholds that decide REJECTED / PENDING_REVIEW /\nAPPROVED_AUTO.\n\nOnly the semantic extraction is a model step. Risk classification,\nGDPR routing and the validation gate are explicit ranked rules in\nversioned DMN \u2014 inspectable, auditable, portable. Extraction output\nvalidates against the VDVC v1.1 semantic-summary JSON Schema.\n\nv3.0.0: the three opaque host capabilities (ai.redact@1,\nai.extract@1, event.emit@1) are now governed by Algorithm Cards\nin algorithms/ per UAPF v2.3.0 chapter 13. Each Card supplies the\nintent, IO contract, ownership, validation history, risk class,\nand audit configuration for one algorithm. Cards are referenced\nfrom resource targets in resources/mappings.yaml.\n",
   "level": 4,
-  "version": "2.0.0",
+  "version": "3.0.0",
+  "requires_capabilities": [
+    "ai.redact@1+",
+    "ai.extract@1+",
+    "event.emit@1+"
+  ],
+  "profiles_supported": [
+    "uapf-ip-orchestrated"
+  ],
+  "guardrails": "resources/guardrails.yaml",
   "includes": [],
   "dependencies": {},
   "cornerstones": {
@@ -18,8 +27,10 @@
     "dmn": "dmn",
     "cmmn": "cmmn",
     "resources": "resources",
-    "metadata": "metadata"
+    "metadata": "metadata",
+    "algorithms": "algorithms"
   },
+  "algorithm_cards": true,
   "exposure": {
     "mcp": {
       "enabled": true,