docs(v1.1): incorporate VynGraph team design decisions

Resolve 5 open questions with VynGraph team input:

1. PROV-O: 8 relations in v1.1 (wasAttributedTo, wasGeneratedBy,
   wasDerivedFrom, used, wasInformedBy, wasAssociatedWith,
   actedOnBehalfOf, Plan subclass). Qualified relations deferred to v1.5.

2. Tenants: Two-tier model. Per-kernel tenant_id for security boundary,
   per-message tenant_id + AuditTag{org_id, engagement_id} for audit.
   TenantRegistry with quotas and per-engagement cost tracking.

3. Rules: Compiled artifact API (CompiledRule). VynGraph does OWL parsing
   + codegen; we execute and hot-swap atomically. Rule-format-agnostic.

4. Migration: 3-phase protocol (quiesce/transfer/swap). 64K in-flight
   buffer per actor (~6.4MB). Default 1K concurrent migration limit,
   optional disk-backed staging for 10K/30s bursts. Rate limiting and
   backpressure in MigrationController.

5. Formal: TLA+ only. No Lean/Coq (that's VynGraph v1.5 territory).
   6 TLA+ models: hlc, k2k_delivery, migration, multi_gpu_k2k,
   tenant_isolation, actor_lifecycle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: mivertowski