identity: trust-gated federated identity + cross-instance mapping (Phase 4 complete, +13)

federation.sx — peer-asserted subjects, advisory and trust-gated. An
assertion is accepted only from an explicitly trusted peer (else
{error, untrusted}) and is flagged {peer_asserted, Peer}, never promoted to
local authority; acl decides what a peer-asserted identity may do. Cross-
instance subject mapping namespaces remote subjects by peer
({federated, Peer, Remote}) so two peers' "alice" never collide, with
optional explicit aliasing. Adds an audit-completeness test. New
tests/federation.sx. All four phases done — 124/124.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

lib/identity/conformance.sh

@@ -37,6 +37,7 @@ SUITES=(
   "membership|id-membership-test-pass|id-membership-test-count"
   "cache|id-cache-test-pass|id-cache-test-count"
   "audit|id-audit-test-pass|id-audit-test-count"
+  "federation|id-fed-test-pass|id-fed-test-count"
 )
 
 cat > "$TMPFILE" << 'EPOCHS'
@@ -56,6 +57,7 @@ cat > "$TMPFILE" << 'EPOCHS'
 (load "lib/identity/membership.sx")
 (load "lib/identity/cache.sx")
 (load "lib/identity/audit.sx")
+(load "lib/identity/federation.sx")
 (load "lib/identity/tests/session.sx")
 (load "lib/identity/tests/token.sx")
 (load "lib/identity/tests/registry.sx")
@@ -65,6 +67,7 @@ cat > "$TMPFILE" << 'EPOCHS'
 (load "lib/identity/tests/membership.sx")
 (load "lib/identity/tests/cache.sx")
 (load "lib/identity/tests/audit.sx")
+(load "lib/identity/tests/federation.sx")
 (epoch 100)
 (eval "(list id-session-test-pass id-session-test-count)")
 (epoch 101)
@@ -83,6 +86,8 @@ cat > "$TMPFILE" << 'EPOCHS'
 (eval "(list id-cache-test-pass id-cache-test-count)")
 (epoch 108)
 (eval "(list id-audit-test-pass id-audit-test-count)")
+(epoch 109)
+(eval "(list id-fed-test-pass id-fed-test-count)")
 EPOCHS
 
 timeout 600 "$SX_SERVER" < "$TMPFILE" > "$OUTFILE" 2>&1