Summary
pk-doctor's `sensitive_data` check fires `WARN sensitive-data.email-address` on emails that are intentionally public (project's official contact identity) or synthetic (deploy commit-author addresses). There is no way to mark them as expected.
Repro examples (ai-market-research)
```text
WARN src/scripts/release/phase3-privacy-clean.sh:97
email address: info@projectious.work
```
`phase3-privacy-clean.sh` itself documents this address as the project's official public identity:
```text
'projectious' (handle) and 'info@projectious.work' (email) are the official public identity; they are NOT leaks.
```
```text
WARN src/scripts/deploy.sh:124
email address: deploy@ai-market-research.local
```
This is a synthetic git commit-author for an unattended deploy.
3 hits in our health report — all false positives.
Expected
A project-level allowlist mechanism, e.g. a key in `.processkit-provenance.toml` or a sibling `.pk-doctor-allowlist.toml`:
```toml
[sensitive_data.email_allowlist]
addresses = ["info@projectious.work", "deploy@ai-market-research.local"]
```
When configured, the check should pass (or downgrade to INFO with a different finding id). Entries should be matched as exact, case-insensitive addresses only; a domain-wide entry or glob would silence genuine leaks at that domain, which defeats the check.
Suggested fix
Add an allowlist loader in `pk-doctor/scripts/checks/sensitive_data.py`; document the config surface in pk-doctor's `SKILL.md`.
Impact
Every release-process script trips this warning. `pk-doctor` cannot meaningfully reach 0-WARN on a project with public contact info.