ente-policy-provider, ente-tmpfiles-compat, journald export format

- ente-policy-provider (nuevo): BusServer que se anuncia como
  POLKIT_DECISION_IFACE provider. Decode blob (pid_be|uid_be|action_id),
  consulta /etc/ente/policy.json (o defaults), responde [allow|deny].
  Reglas con glob simple (foo.* / *.bar / *), require_uid/require_pid,
  audit flag para logging estructurado. Defaults conservadores: hostname/
  timezone/locale set requieren uid 0.

- ente-tmpfiles-compat (nuevo): aplica directivas de
  /usr/lib/tmpfiles.d, /etc/tmpfiles.d, /run/tmpfiles.d (last-wins).
  Soporta d/D/f/L/r/R/e. Orden: removes → creates → adjusts. lookup_uid
  resuelve usuarios via getpwnam. EPERM en chown silenciado en dev
  (esperado sin root). OneShot.

- journald export format: ente-journalctl gana --output=export
  produce systemd journal export format compatible con
  `journalctl --input-format=export -m`. Fields:
  __CURSOR/__REALTIME_TIMESTAMP/_HOSTNAME/_TRANSPORT, native KEY=value
  preservados, syslog text → MESSAGE=. Filter de bytes seguros
  (ASCII printable + tab) para evitar export multipart binario.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

crates/ente-tmpfiles-compat/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "ente-tmpfiles-compat"
+version = "0.0.1"
+edition.workspace = true
+license.workspace = true
+publish.workspace = true
+
+[[bin]]
+name = "ente-tmpfiles-compat"
+path = "src/main.rs"
+
+[dependencies]
+nix = { workspace = true }
+libc = { workspace = true }
+anyhow = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }