… (Phase E)

Adds one new probe to `scripts/hcg-policy-smoke.sh` so the §1.5 operator
pre-check isolates the no-match → default-deny branch of the gateway's
three-tier lookup (exact → regex → global) at the `{:error, :no_match}`
clause in `http-capability-gateway/lib/http_capability_gateway/gateway.ex`.

Before this PR the smoke script's verb-canary block covered six
unknown-method regressions (DELETE/PUT/PATCH on listed exact paths,
OPTIONS on a listed path, DELETE on a regex-matched route, GET on a
POST-only public route). All six exercise a known path with a verb
outside `global_verbs`. None of them exercises the symmetric pathway: a
verb that *is* in `global_verbs` against a path that has no matching
rule at all. That branch is independently possible to break (a regression
in the global-fallback handling alone would leak there without
triggering any of the existing canaries) so the operator pre-check now
fails closed on both classes.

The new probe targets `GET /__phase-e-canary-unknown-path__` — a
synthetic path that cannot collide with any real route in
`config/gateway-policy-boj.yaml` or any future addition (the prefix is
reserved for this probe by the comment in the script). GET is in
`global_verbs`, so the only way this can default-deny is the no-match
branch.

Runbook §1.5 prose updated to describe the new canary alongside the
existing verb canaries; version bumped 0.5 → 0.6. The §1.5 checkbox
itself stays open — it requires the operator to actually run the script
against staging, which is unchanged.

`bash -n scripts/hcg-policy-smoke.sh` passes. No Elixir / Idris / CI
workflow files touched.

Refs hyperpolymath/standards#91
Refs hyperpolymath/standards#100

(Per rollout runbook §6.5 — single-lane channel discipline — this PR
deliberately does NOT `Closes #100`. Phase E close is owner-driven and
gated on §3.3 (100% soak), §6.4 (Trustfile flip), and cerro-torre
`.ctp` signing. Each Phase E sub-task PR is a `Refs`-only advance.)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>