
feat(C12): consolidate logging requirements from all chapters into C12 #978

Merged: RicoKomenda merged 1 commit into OWASP:main from RicoKomenda:feat/consolidate-logging-into-c13 on Jun 19, 2026
Conversation

@RicoKomenda

Collaborator

Summary

  • Moves 12 logging-specific requirements scattered across C1, C2, C3, C8, C9, and C11 into C13 as the single authoritative source for all logging controls
  • Requirements in source chapters are removed and remaining items renumbered
  • Adds a new C13.7 Training Data & Model Lifecycle Audit section for provenance and change-history requirements that had no existing C13 home

Detail

C13.1 Request & Response Logging — 3 items added (moved from C2.2.3, C3.3.4, C8.1.4):

  • 13.1.7: screening logs with classifier confidence scores and trace metadata
  • 13.1.8: exact hosted model identifier from provider
  • 13.1.9: RAG pipeline retrieval events

C13.2 Abuse Detection and Alerting — 1 item added (moved from C11.5.2), former 13.2.7-8 renumbered to 13.2.8-9:

  • 13.2.7: extraction-alert event metadata

C13.6 Proactive Security Behavior Monitoring — 3 items added (moved from C9.4.3, C9.6.3, C11.9.3), former 13.6.5 renumbered to 13.6.8:

  • 13.6.5: agent audit log records (identity, scope, authorization decisions, parameters, outcomes)
  • 13.6.6: kill-switch activations and override commands
  • 13.6.7: self-modification event logging

C13.7 Training Data & Model Lifecycle Audit (new section) — 5 items moved from C1.1.2, C1.2.2, C3.2.2, C8.1.2, C1.1.7:

  • 13.7.1 (L1): dataset lineage recording
  • 13.7.2 (L1): labeling activity logs
  • 13.7.3 (L2): immutable audit records for model changes
  • 13.7.4 (L2): document tagging at write time
  • 13.7.5 (L3): training dataset version tracking for rollback

Motivation

Logging requirements were spread across seven chapters, making it hard for implementers to find and assess all logging controls in one place. C13 is the designated home for observability and audit controls; consolidating here eliminates scatter without losing any content.

Moves 12 logging-specific requirements scattered across C1, C2, C3, C8,
C9, and C11 into C12 as the single authoritative source for logging
controls. Remaining requirements in source chapters are renumbered.

Changes in C12:
- C12.1: add 12.1.7 (screening logs), 12.1.8 (hosted model identifier),
  12.1.9 (RAG retrieval events) — moved from C2.2.3, C3.3.4, C8.1.4
- C12.2: add 12.2.7 (extraction-alert metadata) — moved from C11.5.2;
  renumber former 12.2.7-8 to 12.2.8-9
- C12.6: add 12.6.5 (agent audit log records), 12.6.6 (kill-switch
  logging), 12.6.7 (self-modification logging) — moved from C9.4.3,
  C9.6.3, C11.9.3; renumber former 12.6.5 to 12.6.8
- C12.7 (new): Training Data & Model Lifecycle Audit — adds 12.7.1-5
  moved from C1.1.2, C1.2.2, C3.2.2, C8.1.2, C1.1.7
@RicoKomenda force-pushed the feat/consolidate-logging-into-c13 branch from 0f73de6 to c68acac on June 19, 2026 11:33
@RicoKomenda changed the title from "feat(C13): consolidate logging requirements from all chapters into C13" to "feat(C12): consolidate logging requirements from all chapters into C12" on Jun 19, 2026
@RicoKomenda merged commit 9ef5717 into OWASP:main on Jun 19, 2026
2 checks passed