feat(db-tool): hectic-inheritance: bootstrap hectic.created_at / hectic.updated_at inheritance hook

Adds a SQL bundle plus event triggers that enforce `INHERITS (hectic.created_at)`
on every user CREATE TABLE and auto-attach a BEFORE UPDATE row trigger when a
table inherits `hectic.updated_at`. Always-exempt: `hectic`, `information_schema`,
`pg_*`, declarative partitions, temp tables. Per-DB opt-out via the GUC
`hectic.inheritance_extra_excluded_schemas`.

Exposed three ways:
  * `pkgs.hectic.hectic-inheritance` — derivation with the SQL at
    $out/share/hectic/hectic-inheritance.sql
  * `self.lib.hecticInheritance.{sql,path}` — pkgs-free Nix surface
  * `postgres-init` opt-in via `PG_HECTIC_INHERITANCE=1` (HECTIC_INHERITANCE_SQL
    overrides the default)

Test postgres-init-hectic-inheritance covers all six branches: bootstrap,
non-inheriting reject, accepting inheritance, auto updated_at trigger fires,
GUC exclusion, declarative partition exemption.

lib/default.nix

@@ -100,6 +100,19 @@ in {
   # -- Cargo.toml --
   cargoToml = src: (builtins.fromTOML (builtins.readFile "${src}/Cargo.toml"));
 
+  # SQL bundle bootstrapping `hectic.created_at` / `hectic.updated_at` inheritance enforcement.
+  # Consumers can either:
+  #   * read the SQL string for inline pipelines: `self.lib.hecticInheritance.sql`
+  #   * reference the source path: `self.lib.hecticInheritance.path`
+  #   * use the per-system package: `pkgs.hectic.hectic-inheritance` (provides
+  #     `$out/share/hectic/hectic-inheritance.sql`)
+  hecticInheritance = let
+    path = ../package/db-tool/sql/hectic-inheritance.sql;
+  in {
+    inherit path;
+    sql = builtins.readFile path;
+  };
+
   ssh.keys = {
     hetzner-test = {
       yukkop = ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8scy1tv6zfXX6xyaukhO/fsZwif5rC89DvXNc6XxOf'';