task: approval token chain

Add a runtime approval-token ledger so policy-blocked actions can require scoped owner grants, consume one-time tokens, reject replay, and retain delegation traceability.

Constraint: Task 3 scope is the G004 approval-token chain for runtime event/report contract families.
Rejected: Extending the existing permission prompt path directly | the token contract can be tested independently without changing live tool authorization behavior.
Confidence: high
Scope-risk: narrow
Directive: Keep approval grants scoped to policy/action/repo/branch before wiring them into external execution paths.
Tested: cargo check --manifest-path rust/Cargo.toml --workspace; cargo test --manifest-path rust/crates/runtime/Cargo.toml; cargo test --manifest-path rust/crates/runtime/Cargo.toml approval_token -- --nocapture
Not-tested: cargo clippy --manifest-path rust/crates/runtime/Cargo.toml --all-targets -- -D warnings is blocked by pre-existing warnings in compact.rs, file_ops.rs, policy_engine.rs, and sandbox.rs.
bellman
2026-05-14 18:06:56 +09:00
parent e34209ff7f
commit bf533d77a7


@@ -90,8 +90,8 @@ pub enum ApprovalTokenError {
ApprovalRevoked, ApprovalRevoked,
ApprovalAlreadyConsumed, ApprovalAlreadyConsumed,
ScopeMismatch { ScopeMismatch {
expected: ApprovalScope, expected: Box<ApprovalScope>,
actual: ApprovalScope, actual: Box<ApprovalScope>,
}, },
UnauthorizedDelegate { UnauthorizedDelegate {
expected: String, expected: String,
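Review bot: in the `ScopeMismatch` variant, changing `expected` and `actual` to `Box<ApprovalScope>` alters the field types of a `pub enum` with no comment saying why. Add a short doc comment on the variant giving the reason for boxing (for example keeping `ApprovalTokenError` small when it travels in a `Result`, if that is the intent), and confirm that any code outside this file that constructs or destructures `ScopeMismatch` has been updated, since matching on these fields now yields boxes rather than the scope values themselves.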
@@ -296,8 +296,8 @@ impl ApprovalTokenLedger {
if grant.scope != *scope { if grant.scope != *scope {
return Err(ApprovalTokenError::ScopeMismatch { return Err(ApprovalTokenError::ScopeMismatch {
expected: grant.scope.clone(), expected: Box::new(grant.scope.clone()),
actual: scope.clone(), actual: Box::new(scope.clone()),
}); });
} }
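Review bot: at the `return Err(ApprovalTokenError::ScopeMismatch { ... })` site, the `Box::new(...clone())` wrapping is written out by hand for each field, and nothing in the visible lines pins which value ends up as `expected` and which as `actual`. Consider a small constructor on `ApprovalTokenError` that takes the grant scope and the requested scope by reference and does the clone and boxing in one place, and make sure a test asserts that `expected` holds `grant.scope` and `actual` holds the caller's `scope`, since that pair is what anyone diagnosing a rejected approval will read.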