Mission-Bound OAuth MVP

A three-part spec proposal that takes Mission-Bound OAuth from architectural argument to concrete protocol surface. Part 1 frames the problem and the Mission as the missing authority object. Part 2 defines the issuance-bound MVP. Part 3 layers runtime enforcement on top.