sdk(P1.10): embedded parity self-test + attesto doctor

A trimmed (~1.7 KB) copy of the cross-language parity vectors now ships inside
each package (Python package-data JSON, Go go:embed, TS generated module). On
the first hashing operation per process each SDK recomputes the commitment
hash, the receipt domain-hash, and an inclusion fold against the vendored
vectors and fails closed (AttestoSelfTestError / ErrSelfTest) on any mismatch
— a corrupted install or diverging runtime can never silently produce wrong
evidence. Result is cached (including failure); cost <5 ms once. Corrupting a
vendored vector is test-asserted to fail closed in all three languages. The
frozen canonical primitives are untouched; the gate lives in the commitment/
verify entry points built on top of them.

attesto doctor: Go CLI subcommand and Python attesto.doctor(), producing a
deterministic {"ok", "checks"} report — vendored self-test, head-store
writability, number-policy dry-run on a sample payload, Ed25519 availability
(Python), and with credentials: reachability, protocol-header acceptance, and
clock skew vs the server Date header (warn >30 s; webhooks break at 300 s).

package_artifact_policy allows exactly attesto/_selftest_vectors.json in the
wheel (verified: built wheel contains it, policy green). READMEs updated.
This completes the last Phase-1 build item.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

selftest_test.go

@@ -0,0 +1,26 @@
+package attesto
+
+import (
+	"bytes"
+	"errors"
+	"testing"
+)
+
+func TestSelfTestPassesOnVendoredVectors(t *testing.T) {
+	if err := EnsureSelfTest(); err != nil {
+		t.Fatalf("self-test failed on shipped vectors: %v", err)
+	}
+}
+
+func TestCorruptedVendoredVectorFailsClosed(t *testing.T) {
+	corrupted := bytes.Replace(
+		selftestVectors,
+		[]byte(`"canonical_payload_hash": "`),
+		[]byte(`"canonical_payload_hash": "0`),
+		1,
+	)
+	err := runSelfTest(corrupted)
+	if !errors.Is(err, ErrSelfTest) {
+		t.Fatalf("expected ErrSelfTest, got %v", err)
+	}
+}