feat(ttp): E.3.10 IntelLifter (R0054-R0058)

Per-provider verdict translator for AbuseIPDB, GreyNoise, Feodo Tracker,
and ThreatFox per Appendix A.10. Each rule's predicate inspects payload
fields produced by the enrich worker (no DB I/O, no decnet.intel.*
imports — E.2.7 decoupling guard preserved). AbuseIPDB confidence is
scaled by abuse_confidence_score / 100; categories drive per-technique
fan-out. R0058 aggregate-bump is a no-op in v0 (cross-tag bump deferred
to E.3.14 worker bootstrap).

Per-provider null tolerance is the steady state — a missing provider
column produces zero tags from that rule, never an error.

Tests:
- tests/ttp/test_intel_lifter.py — per-provider positive + negative +
  state modulation + decoupling source-import guard.
- tests/ttp/rule_precision/test_intel_rules.py — xfail flipped, real
  precision driven over seed_intel.jsonl (R0054-R0057 H-band ≥95%;
  R0058 skipped as bump-only).
- tests/ttp/test_lifter_absence.py — IntelLifter all-populated test
  flipped from xfail-strict to real assertion with realistic payload.
- tests/ttp/test_lifters.py — partial-null xfail flipped to real
  assertion.

decnet/ttp/factory.py

@@ -115,9 +115,13 @@ def get_tagger() -> Tagger:
     name = os.environ.get("DECNET_TTP_TAGGER_TYPE", _DEFAULT).strip().lower()
     if name == "composite":
         from decnet.ttp.impl.behavioral_lifter import BehavioralLifter
+        from decnet.ttp.impl.intel_lifter import IntelLifter
         from decnet.ttp.store.factory import get_rule_store
         store = get_rule_store()
-        return CompositeTagger(lifters=[BehavioralLifter(store)])
+        return CompositeTagger(lifters=[
+            BehavioralLifter(store),
+            IntelLifter(store),
+        ])
     raise ValueError(
         f"Unknown tagger: {name!r}. Known: {_KNOWN}"
     )