feat(form-builder): wire PurposeGuardProvider per purpose (WS-6)

Adds PurposeGuardProvider as a parallel interface to PurposeDefinition
(value object stays untouched). Seven concrete providers, one per v1.0
purpose, each declaring its publish-guard list. Registry resolves and
caches providers via guards_class config key.

Universal guards (MaxOneIdentityKeyPerTargetEntity,
AppendStrategyRequiresCollectionTarget, NoAmbiguousTrustLevels,
IdentityKeyBindingsOnlyInFirstSection) wire into every purpose. The
section guard is a cheap no-op when section_level_submit=false.

ArtistAdvanceGuards omits RequiresIdentityKeyBinding because the
artist subject is resolved via portal token, not form data. Same
reasoning for supplier_intake (production_request) and the auth-based
purposes.

Includes a cross-cutting BindingTypeRegistryConsistencyTest that
verifies tasks 5/7/8 do not contradict each other (registry ↔ guards ↔
purpose required_bindings).

Refs: RFC-WS-6.md §3 (Q9, Q13)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

api/app/FormBuilder/Purposes/Guards/EventRegistrationGuards.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\FormBuilder\Purposes\Guards;
+
+use App\Enums\FormBuilder\FormFieldType;
+use App\FormBuilder\Bindings\BindingTypeRegistry;
+use App\FormBuilder\Publishing\AppendStrategyRequiresCollectionTarget;
+use App\FormBuilder\Publishing\ConditionalRequirement;
+use App\FormBuilder\Publishing\IdentityKeyBindingsOnlyInFirstSection;
+use App\FormBuilder\Publishing\MaxOneIdentityKeyPerTargetEntity;
+use App\FormBuilder\Publishing\NoAmbiguousTrustLevels;
+use App\FormBuilder\Publishing\RequiresFieldType;
+use App\FormBuilder\Publishing\RequiresIdentityKeyBinding;
+use App\FormBuilder\Publishing\SchemaHasLinkedEvent;
+use App\FormBuilder\Publishing\TagCategoriesConfiguredOnAllPickers;
+use App\FormBuilder\Purposes\PurposeGuardProvider;
+use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormSchema;
+
+final readonly class EventRegistrationGuards implements PurposeGuardProvider
+{
+    public function __construct(private BindingTypeRegistry $registry) {}
+
+    public function publishGuards(): array
+    {
+        return [
+            new RequiresIdentityKeyBinding('person', 'email'),
+            new MaxOneIdentityKeyPerTargetEntity(),
+            new RequiresFieldType(FormFieldType::EMAIL, 1),
+            new ConditionalRequirement(
+                predicate: $this->fieldTypePresent(FormFieldType::AVAILABILITY_PICKER),
+                subGuard: new SchemaHasLinkedEvent(),
+                code: 'availability_picker_requires_event',
+            ),
+            new ConditionalRequirement(
+                predicate: $this->fieldTypePresent(FormFieldType::TAG_PICKER),
+                subGuard: new TagCategoriesConfiguredOnAllPickers(),
+                code: 'tag_picker_requires_tag_categories',
+            ),
+            new AppendStrategyRequiresCollectionTarget($this->registry),
+            new NoAmbiguousTrustLevels(),
+            new IdentityKeyBindingsOnlyInFirstSection(),
+        ];
+    }
+
+    /**
+     * @return \Closure(FormSchema): bool
+     */
+    private function fieldTypePresent(FormFieldType $type): \Closure
+    {
+        $value = $type->value;
+
+        return static function (FormSchema $schema) use ($value): bool {
+            /** @var FormField $field */
+            foreach ($schema->fields as $field) {
+                if ($field->field_type === $value) {
+                    return true;
+                }
+            }
+
+            return false;
+        };
+    }
+}