feat: AssetRepository SQLite + cycle need-review persistant (v0.10.0)

Table assets sur node:sqlite (Node 24, zéro dep native) : CRUD,
listByStatus, incrementExec, setRiskTier anti-escalade, expireProvisional
(cron PROVISOIRE→BLOQUÉ). 6 tests. Bump Node 24 (sqlite stable), Dockerfile
24.13 + copie tsconfig.build.json. 0 vuln.

Palier de risque : reversible (persistance d'état, aucune mutation d'infra).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

orchestrator/Dockerfile

@@ -1,15 +1,15 @@
 # CHLOVA backend — image multi-stage, base épinglée (jamais :latest).
-# TODO épingler le digest (node:22.14-bookworm-slim@sha256:...) avant déploiement réel.
+# TODO épingler le digest (node:24.13-bookworm-slim@sha256:...) avant déploiement réel.
 
-FROM node:22.14-bookworm-slim AS build
+FROM node:24.13-bookworm-slim AS build
 WORKDIR /app
 COPY package.json package-lock.json* ./
 RUN npm ci
-COPY tsconfig.json ./
+COPY tsconfig.json tsconfig.build.json ./
 COPY src ./src
 RUN npm run build
 
-FROM node:22.14-bookworm-slim AS runtime
+FROM node:24.13-bookworm-slim AS runtime
 ENV NODE_ENV=production
 WORKDIR /app
 COPY package.json package-lock.json* ./