[Task]: Add governance-aware policy composition

[rian-be]

Summary

Introduce composition primitives for more complex governance policy sets.

Goal

Make multi-policy governance rules easier to express and reuse without pushing all complexity into handwritten policy classes.

Problem

Today, complex governance scenarios tend to get absorbed into bespoke policy classes. That works for small cases, but it does not scale well when policy sets need shared composition rules around severity, requirements, side effects, or metadata.

Scope

• Add composition primitives such as AllOf, AnyOf, and priority-based composition
• Define merge rules for severity, requirements, side effects, and metadata
• Define conflict rules when multiple policies modify the same mutation result
• Add tests and examples for composed governance policies

Design Expectations

• Composition semantics must stay deterministic and auditable.
• Merge rules should be explicit rather than inferred from evaluation order alone.
• Side effects, metadata, and requirements should compose without hidden conflicts.
• The composition surface should reduce handwritten policy duplication instead of creating a second ad hoc policy language.

Acceptance Criteria

• Policy composition supports common governance scenarios without ambiguous merge behavior
• Conflict rules are explicit and documented
• Composed policies are covered by focused tests
• Examples demonstrate at least one reusable composed governance policy set

Non-Goals

• This issue does not introduce a separate DSL or rules engine
• This issue does not replace domain-specific policy code entirely
• This issue does not depend on UI or reporting features

Notes

This is a platform-level capability that becomes more valuable once governed execution and persistence are stable.