Add trust classification for memory sources #107

@romgenie

Local source: coven-code/issues/08-add-trust-classification-for-memory-sources.md

Summary

Coven Code should classify memory by source trust. Memory learned from maintainer-authored reviews should not be treated the same as memory inferred from contributor PR text or model output.

Current Evidence

  • session_memory::MemoryCategory classifies memory by semantic category.
  • There is no trust classification on extracted memory.
  • TranscriptMessage has user_type, but the memory extractor does not use it to decide durable memory trust.

Problem

In a GitHub App reviewer, memory sources have different trust levels:

  • GitHub App system policy.
  • Repository maintainer commands.
  • Code committed to default branch.
  • Contributor PR description and comments.
  • Forked code changes.
  • Model-inferred summaries.

Without trust classification, untrusted input can become authoritative context for later reviews.

Proposed Design

Add source trust metadata:

pub enum MemorySourceTrust {
    SystemPolicy,
    MaintainerApproved,
    DefaultBranchCode,
    ContributorInput,
    ForkInput,
    ModelInferred,
    Unknown,
}

Trust should be assigned before persistence and enforced during memory loading.

Acceptance Criteria

  • Memory records include source trust.
  • Hosted mode only loads memory at or above configured trust threshold.
  • Memory extracted from untrusted PR/fork context is not durable by default.
  • Tests cover trust assignment and filtering.
  • Review artifacts include trust level for every memory entry used.

Implementation Notes

The GitHub App control plane can provide actor association and PR fork status. Coven Code should accept that as structured context rather than infer it from text.
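
One way the trust assignment and load-time filter described above could fit together, as an added example that is not part of the original issue or Coven Code's own code. Only `MemorySourceTrust` and its variants come from the issue; the `rank` ordering (taken from the order of the list under Problem), the `Actor` enum, `assign_trust`, `MemoryRecord` and `load_memory` are assumptions made for illustration.

```rust
// Added example; every name except MemorySourceTrust and its variants is hypothetical.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MemorySourceTrust {
    SystemPolicy, MaintainerApproved, DefaultBranchCode,
    ContributorInput, ForkInput, ModelInferred, Unknown,
}
impl MemorySourceTrust {
    /// Assumed ranking (higher = more trusted), following the issue's list order.
    pub fn rank(self) -> u8 {
        match self {
            Self::SystemPolicy => 6, Self::MaintainerApproved => 5,
            Self::DefaultBranchCode => 4, Self::ContributorInput => 3,
            Self::ForkInput => 2, Self::ModelInferred => 1, Self::Unknown => 0,
        }
    }
}

/// Actor association as reported by the control plane, never parsed from text.
#[derive(Debug, Clone, Copy)]
pub enum Actor { App, Maintainer, Contributor, Unrecognized }

/// Assign trust before persistence, from structured context only.
pub fn assign_trust(actor: Actor, from_fork: bool, model_inferred: bool) -> MemorySourceTrust {
    use MemorySourceTrust::*;
    match (model_inferred, actor, from_fork) {
        // A model summary never inherits the trust of the text it summarizes.
        (true, _, _) => ModelInferred,
        (_, Actor::App, _) => SystemPolicy,
        (_, Actor::Maintainer, _) => MaintainerApproved,
        (_, Actor::Contributor, false) => ContributorInput,
        (_, Actor::Contributor, true) => ForkInput,
        (_, Actor::Unrecognized, _) => Unknown,
    }
}

#[derive(Debug)]
pub struct MemoryRecord { pub text: String, pub trust: MemorySourceTrust }

/// Enforce the threshold at load time; lower-trust records are never returned.
pub fn load_memory(store: &[MemoryRecord], min: MemorySourceTrust) -> Vec<&MemoryRecord> {
    store.iter().filter(|r| r.trust.rank() >= min.rank()).collect()
}

fn main() {
    // Constructed sample records: one maintainer comment, one fork PR description.
    let rec = |text: &str, trust| MemoryRecord { text: text.into(), trust };
    let store = [rec("Prefer ? over unwrap()", assign_trust(Actor::Maintainer, false, false)),
                 rec("Contributor says the lint rule is off", assign_trust(Actor::Contributor, true, false))];
    for r in load_memory(&store, MemorySourceTrust::DefaultBranchCode) { println!("[{:?}] {}", r.trust, r.text); }
}
```

Keeping the rank in an explicit function rather than deriving `Ord` means reordering the enum's variants cannot silently change which memory passes the threshold.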
