Add enterprise dashboard cohort privacy guard

[zergzorg]

/claim #19

Summary

• Adds enterprise-dashboard-cohort-privacy-guard, a self-contained Enterprise Tooling slice for institutional admin dashboard privacy.
• Reviews synthetic dashboard rows before they are shown or exported, enforcing small-cohort suppression, named-contributor k-anonymity, private-project masking, department/lab rollup minimums, sensitive tag masking, and raw export blocks.
• Generates deterministic JSON, Markdown, SVG, and H.264 MP4 reviewer artifacts from synthetic organization analytics data.

Why this solves part of #19

Issue #19 calls for organization-wide admin dashboards, contributor analytics, usage stats, productivity metrics, compliance tracking, custom initiative tags, APIs/webhooks, and export pipelines. Those surfaces need a guardrail that decides which aggregate metrics can be safely displayed or exported without exposing individual researchers, small labs, private projects, or sensitive tags.

This PR adds that privacy trust boundary for enterprise dashboards before CSV/webhook/external BI export or institutional admin release.

Sponsor decision packet

• What the bounty poster gets: a complete reviewer-ready privacy gate for enterprise dashboard metrics with row-level decisions, admin remediation actions, sanitized export manifests, and stable audit digests.
• How to verify it: run the listed Node checks and inspect reports/dashboard-privacy-packet.json, reports/dashboard-privacy-report.md, reports/summary.svg, and reports/demo.mp4.
• Expected synthetic result: 4 widgets reviewed, 8 rows reviewed, 1 widget held, 3 masked-ready widgets, 1 suppressed row, 3 masked/rolled-up rows, and 1 raw export block.

Non-overlap audit

This is separate from existing #19 submissions around broad dashboards, export packages, compliance packets, webhook delivery/replay, identity provisioning, retention/legal hold, data residency, SLA, secret rotation, quotas, API-change governance, connector certification, incident response, funder exports, AI model governance, dashboard attribution, initiative tags, policy exceptions, IRB consent, data export queues, SCIM deprovisioning, repository deposit reconciliation, notification escalation, cost allocation, LMS passback, webhook payload redaction, and vendor DPA review.

Scope is limited to cohort privacy for aggregate dashboard rows: small-group suppression, private project masking, rollups, and export-safe sanitized rows.

Scope boundaries

• Does not implement a production dashboard UI, data warehouse, live webhook delivery, identity sync, access control, billing, or export adapter.
• Uses synthetic fixtures only: no credentials, private dashboard data, real users, external services, or institutional systems.

Validation

• cd enterprise-dashboard-cohort-privacy-guard && npm run check
• cd enterprise-dashboard-cohort-privacy-guard && npm test
• cd enterprise-dashboard-cohort-privacy-guard && npm run demo
• ffprobe -v error -select_streams v:0 -show_entries stream=codec_name,width,height,duration,avg_frame_rate -show_entries format=size,duration -of default=noprint_wrappers=1 enterprise-dashboard-cohort-privacy-guard/reports/demo.mp4 -> H.264, 960x540, 5s, 15 fps
• git diff --check
• git diff --cached --check

Demo and artifacts

• Short demo video: enterprise-dashboard-cohort-privacy-guard/reports/demo.mp4
• Review packet: enterprise-dashboard-cohort-privacy-guard/reports/dashboard-privacy-packet.json
• Reviewer report: enterprise-dashboard-cohort-privacy-guard/reports/dashboard-privacy-report.md
• Visual summary: enterprise-dashboard-cohort-privacy-guard/reports/summary.svg