Align .github governance manifests to live Verifrax org topology

[midiakiasat]

This change aligns the governance root with the live Verifrax organization inventory.

What changed:

• updates GOVERNED_REPOS.txt to classify every live Verifrax repository explicitly
• clears NON_GOVERNED_REPOS.txt to reflect that no current live repo is outside the governed set
• expands the .github README topology section to include VERIFRAX-WWW, VERIFRAX-API, VERIFRAX-STATUS, VERIFRAX-SURFACE, MAILSIEVE, primitive repositories, and verifrax-marketplace-smoke
• adds an explicit rule that no live repository may remain outside governed or non-governed manifests

Why:
the live organization inventory had moved ahead of the governance manifests.
That created silent parallel topology risk, where repositories existed publicly without explicit governance classification.

This PR closes that gap without changing protocol authority, execution authority, or artifact-chain truth.

[verifrax-systems]

Approved.

Scope is correct:

• only the governance topology surfaces are changed
• live Verifrax repositories are now explicitly classified in the governance manifests
• the README topology surface now includes the newer perimeter repositories
• no protocol authority, execution authority, or artifact-chain overclaim is introduced

This closes silent parallel topology risk at the organization-governance boundary.