P2.1: domain structs + boundary validation

Add the core distribution domain model under src/domain/ (App, Release,
Artifact, Channel, AuditEvent + Platform/Visibility/ValidationStatus/
RolloutPolicy enums) and a boundary validator that returns one distinct
typed ValidationErr per failure class (BadSlug, EmptyVersion, BadVersion,
BadChannelName, UnknownPlatform, MissingField, BadRollout).

Pure sx, depends only on modules/std.sx; lookups left as linear scans over
List (no HashMap). tests/domain_validate.sx asserts valid App/Release/
Artifact/Channel are accepted and each invalid case is rejected with the
exact expected error tag.

src/domain/artifact.sx

@@ -0,0 +1,26 @@
+#import "modules/std.sx";
+#import "platform.sx";
+
+// Where an artifact sits in the validation pipeline: artifacts enter
+// `pending`, then validation moves them to `valid` or `invalid`.
+ValidationStatus :: enum u8 {
+    pending;
+    valid;
+    invalid;
+}
+
+// A single uploaded binary belonging to a release, for one platform.
+// `sha256` is the lowercase hex digest; `storage_key` locates the bytes
+// in the blob store.
+Artifact :: struct {
+    id: string;
+    app_id: string;
+    release_id: string;
+    platform: Platform;
+    filename: string;
+    content_type: string;
+    size_bytes: s64;
+    sha256: string;
+    storage_key: string;
+    validation_status: ValidationStatus = .pending;
+}