[Task]: Add async policies and external governance checks

[rian-be]

Summary

Support asynchronous policy evaluation and external governance dependencies.

Goal

Allow governance runtime and policy evaluation to integrate with external identity, ticketing, quota, and compliance systems without forcing everything through synchronous contracts.

Problem

As governance moves closer to real approval and compliance workflows, synchronous-only policy evaluation becomes too limiting. Real deployments will depend on external systems for approver identity, approval evidence, ticket status, quota checks, and compliance verification.

Scope

• Introduce EvaluateAsync(...) policy support
• Preserve lightweight sync path where appropriate
• Define ordering and timeout semantics for multiple async policies
• Support external approval, identity, ticketing, quota, or compliance checks
• Define timeout and cancellation semantics for external governance dependencies

Design Expectations

• Sync and async policy paths should coexist without ambiguous behavior.
• External failures, timeouts, and cancellations should be part of the explicit runtime contract.
• Governance runtime should remain testable without requiring live external systems.
• Approval and external check semantics should compose cleanly rather than producing hidden branching logic.

Acceptance Criteria

• Runtime supports asynchronous policy evaluation paths
• External governance checks have explicit timeout/cancellation behavior
• Sync and async policy paths coexist without ambiguous semantics
• Examples or docs show the intended integration model

Non-Goals

• This issue does not implement one specific external provider by default
• This issue does not replace the core sync execution path
• This issue does not add UI-driven approval tooling

Notes

This becomes increasingly important once governance execution is wired to real identity and approval systems.