Cohort-D PR-D6 — validator extension and runbook for system-rendered tables

Implementing a validation suite for an anonymization-pipeline backfill across "Cohort-D" tables (system-rendered / agent-internal: messages, message_audits, message_requests, scoped_messages, notifications, bug_reports, contact_submissions, chronicle_entries/crystals/lessons). Spec required 9 distinct cross-cohort invariants in a single validate.ts script, each with positive AND negative test coverage, runbook STOP criteria matching an existing A1 runbook shape, and stripping legacy KMS column-name references (body_raw_encrypted / body_raw_keyref) from architecture docs (zero-match grep gate).

Constraints made the implementation non-trivial:

1. Existing validate.ts already had three phase runners (3/4/5) that returned phase: 3|4|5 numeric literals. Adding a "cohortD" phase required widening the union to a string-typed PhaseId without breaking _internal consumers.
2. Assertions touch live Postgres but tests must run under vitest with no DATABASE_URL.
3. Per-assertion positive AND negative tests means 9 × 2 = 18+ unit cases that can't all live in DB.