feat(form-builder): add PublishGuard framework + 9 concrete guards (WS-6)

Per-purpose schema validation composes a PurposeGuardProvider returning
a list of guards. Errors collected (not first-fail) so the builder UI
surfaces every issue per save. ConditionalRequirement composes higher-
order without proliferating one-off classes.

RequiresIdentityKeyBinding checks the is_identity_key flag specifically;
the binding-existence check is handled additively by the existing
assertRequiredBindingsPresent in FormSchemaService.

SchemaHasLinkedEvent checks owner_type='event' + owner_id (FormSchema
uses polymorphic owner; there is no direct event_id column).

i18n messages live in lang/nl/form_builder_publish_guards.php.

Refs: RFC-WS-6.md §3 (Q13), §4 (V1, V3)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

api/tests/Unit/FormBuilder/Publishing/MaxOneIdentityKeyPerTargetEntityTest.php

@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Unit\FormBuilder\Publishing;
+
+use App\FormBuilder\Publishing\MaxOneIdentityKeyPerTargetEntity;
+use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormFieldBinding;
+use App\Models\FormBuilder\FormSchema;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+final class MaxOneIdentityKeyPerTargetEntityTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_passes_with_zero_identity_keys(): void
+    {
+        $schema = FormSchema::factory()->create();
+        FormField::factory()->create(['form_schema_id' => $schema->id]);
+        $schema->load('fields.bindings');
+
+        $result = (new MaxOneIdentityKeyPerTargetEntity())->evaluate($schema);
+        $this->assertTrue($result->passed);
+    }
+
+    public function test_passes_with_one_identity_key_per_entity(): void
+    {
+        $schema = FormSchema::factory()->create();
+        $field = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        FormFieldBinding::factory()->forField($field)->entityOwned('person', 'email')
+            ->create(['is_identity_key' => true]);
+        $schema->load('fields.bindings');
+
+        $result = (new MaxOneIdentityKeyPerTargetEntity())->evaluate($schema);
+        $this->assertTrue($result->passed);
+    }
+
+    public function test_fails_with_two_identity_keys_same_entity(): void
+    {
+        $schema = FormSchema::factory()->create();
+        $f1 = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        $f2 = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        FormFieldBinding::factory()->forField($f1)->entityOwned('person', 'email')
+            ->create(['is_identity_key' => true]);
+        FormFieldBinding::factory()->forField($f2)->entityOwned('person', 'first_name')
+            ->create(['is_identity_key' => true]);
+        $schema->load('fields.bindings');
+
+        $result = (new MaxOneIdentityKeyPerTargetEntity())->evaluate($schema);
+        $this->assertFalse($result->passed);
+        $this->assertSame('person', $result->context['entity']);
+    }
+
+    public function test_passes_with_one_identity_key_each_on_different_entities(): void
+    {
+        $schema = FormSchema::factory()->create();
+        $f1 = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        $f2 = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        FormFieldBinding::factory()->forField($f1)->entityOwned('person', 'email')
+            ->create(['is_identity_key' => true]);
+        FormFieldBinding::factory()->forField($f2)->entityOwned('company', 'email')
+            ->create(['is_identity_key' => true]);
+        $schema->load('fields.bindings');
+
+        $result = (new MaxOneIdentityKeyPerTargetEntity())->evaluate($schema);
+        $this->assertTrue($result->passed);
+    }
+}