feat(ttp): implement E.3.14b intel catch-up via attacker.session.ended

On every attacker.session.ended event, the TTP worker now reads the
persisted AttackerIntel row (if any) and synthesizes an intel-source
TaggerEvent so intel-derived tags emit even when attacker.intel.enriched
was dropped or arrived before the worker started.

Key changes:
- AttackerIntel.to_intel_event_payload() — single source of truth for
  the intel-row → lifter payload projection; shared by future callers
  without importing decnet.intel.* (no-SPOF contract preserved).
- BaseRepository.get_attacker_intel_row_by_uuid() — returns the live
  SQLModel instance so the catch-up path can call to_intel_event_payload().
- _build_intel_catchup_event() in ttp/worker.py — looks up the intel row,
  builds the TaggerEvent, returns None on absent row (silence, not error).
- _process_event() extended: appends the catch-up event to tagger_events
  when topic contains "session.ended". Deterministic source_id keeps
  compute_tag_uuid idempotent across replays; INSERT OR IGNORE deduplicates
  against any prior attacker.intel.enriched path.

DummyRepo stub + coverage call added per feedback_run_base_repo_test.md.

decnet/web/db/sqlmodel_repo/attacker_intel.py

@@ -46,6 +46,16 @@ class AttackerIntelMixin(_MixinBase):
             await session.commit()
             return row_uuid
 
+    async def get_attacker_intel_row_by_uuid(
+        self,
+        uuid: str,
+    ) -> Optional[AttackerIntel]:
+        async with self._session() as session:
+            result = await session.execute(
+                select(AttackerIntel).where(AttackerIntel.attacker_uuid == uuid)
+            )
+            return result.scalar_one_or_none()
+
     async def get_attacker_intel_by_uuid(
         self,
         uuid: str,