feat(security): seed Yerin agent + registry-selectable MCP server

- migration 011_yerin.sql: seed read-only 'yerin' agent ({read:true}, kind claude,
  model NULL = server default; switch to local Ollama via agents.model anytime)
- companion-stdio.js: select the toolset from VOID_TOOL_REGISTRY ('security' →
  Yerin's securityRegistry; default → Dross's companionRegistry)
- tests/mcp/registry_select.test.js

Remaining for Yerin (left for review): an entry point (route or cron) + persona
prompt — see docs/yerin-security-agent.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

lib/db/migrations/011_yerin.sql

@@ -0,0 +1,10 @@
+-- Seed Yerin, the security agent. READ-ONLY by capability (no suggest/write):
+-- she investigates and reports; remediation goes through you. Runs on the same
+-- claude CLI subscription path as Dross (model NULL = server default); switch to
+-- a local Ollama model later by setting agents.model. See docs/yerin-security-agent.md.
+INSERT INTO agents (slug, name, kind, model, capabilities)
+VALUES (
+  'yerin', 'Yerin', 'claude', NULL,
+  '{"read":true,"suggest":false,"write":false}'::jsonb
+)
+ON CONFLICT (slug) DO NOTHING;