feat: add k9iser.toml and generate K9 contracts

Adds k9iser manifest for http-capability-gateway (yard tier). Sources:
mix.exs, Justfile, Containerfile, CI workflows. Elixir/Plug gateway service.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: hyperpolymath

k9iser.toml

@@ -0,0 +1,55 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# k9iser manifest for http-capability-gateway
+# Generates K9 contracts from repo configuration files.
+# http-capability-gateway is an Elixir/Plug HTTP capability enforcement gateway
+
+[project]
+name = "http-capability-gateway"
+safety_tier = "yard"
+
+[[source]]
+path = "mix.exs"
+type = "mix"
+output = "generated/k9iser/mix-manifest.k9"
+
+[[source]]
+path = "Justfile"
+type = "justfile"
+output = "generated/k9iser/justfile-recipes.k9"
+
+[[source]]
+path = "Containerfile"
+type = "containerfile"
+output = "generated/k9iser/container-build.k9"
+
+[[source]]
+path = ".github/workflows/hypatia-scan.yml"
+type = "workflow"
+output = "generated/k9iser/ci-security.k9"
+
+[[source]]
+path = ".github/workflows/codeql.yml"
+type = "workflow"
+output = "generated/k9iser/ci-codeql.k9"
+
+[[constraint]]
+rule = "mix.dependencies has no retired packages"
+severity = "error"
+
+[[constraint]]
+rule = "services.gateway.environment contains 'VERISIMDB_URL'"
+severity = "warn"
+
+[[constraint]]
+rule = "container.base_image uses chainguard or distroless"
+severity = "warn"
+
+[[constraint]]
+rule = "workflows includes hypatia-scan"
+severity = "error"
+
+[[constraint]]
+rule = "mix.application.start_permanent is true in prod"
+severity = "error"