[Task]: Harden governance approval workflow semantics

[rian-be]

Summary

Harden the current governance approval workflow so it supports richer operational approval behavior rather than only the first implementation path.

Goal

Turn the existing approval runtime into stronger governance contract with better approval targeting, quorum semantics, expiration behavior, and rejection modeling.

Problem

Approval workflow now exists, but the current model is still close to first functional slice:

• linear approvals are stronger than grouped approvals
• rejection semantics are still fairly thin
• timeout and expiration behavior is not yet approval-specific
• richer role/group/quorum scenarios are not yet first-class

This issue is about making approvals operationally expressive, not merely present.

Scope

• Replace remaining generic approval failure paths with explicit domain outcomes and exceptions
• Add approval groups and role oriented approver targeting
• Support quorum or N of M approval requirements
• Add approval-specific timeout / expiration policies
• Introduce a richer rejection reason model for approvals
• Extend approval examples and tests to cover multi-actor and quorum scenarios

Design Expectations

• Approval semantics should remain request-centric, not mutate the core runtime model into generic workflow engine.
• Approval requirements should support both ordered and grouped behavior where needed.
• Rejection should be auditable as first class business decision, not only a terminal boolean outcome.
• Approval expiration should compose cleanly with request expiration semantics.

Acceptance Criteria

• Approval workflow supports more than linear step completion
• Approval failures are represented through domain specific behavior
• Approval timeouts and rejections are explicit and auditable
• Tests cover group, role, and quorum oriented approval behavior
• Approval example coverage demonstrates at least one non-trivial multi actor scenario

Non-Goals

• This issue does not add persistent provider implementations
• This issue does not implement external identity or ticketing integrations
• This issue does not close the full governed execution loop by itself

Notes

Approval workflow is now hardened in governance. The runtime supports role and group targeting, quorum semantics, approval-specific expiration, and structured rejection reasons.