feat(taxonomy): add ar_query_receipts and ar_verify_chain to taxonomy

[ojongerius]

When the agent calls its own introspection tools (ar_query_receipts, ar_verify_chain), they show up as unknown / medium risk in the receipt table instead of getting a meaningful action type.

These should be added to taxonomy.json with an appropriate action type — probably filesystem.file.read and low risk since they're read-only queries against the local SQLite store.

Found during a live trial session where the agent queried its own audit trail mid-session.

[ojongerius]

Deferring this to v2.

ADR-0010 (Daemon Process Separation) — currently Proposed — directly bears on this:

• The ADR's thesis is that an agent auditing itself is not a meaningful audit, which is exactly the pattern these tools enable.
• Under the daemon model, emitters lose direct SQLite access, so ar_query_receipts and ar_verify_chain (which call store.query() and verifyStoredChain(store, …)) will stop functioning at the v2 cutover.
• The v2 redesign will determine whether these tools survive in IPC-client form or are removed entirely. Classifying them now is throwaway work in either case.

Long-term, taxonomy classification should move to the daemon — emitter-supplied action_type is agent-asserted and therefore forgeable, which contradicts ADR-0010's trust model. The mapping table belongs on the trusted side (the daemon) where it can canonicalize before signing.

Keeping open to surface during v2 / ADR-0010 work.