feat(smart-clean): add structured targetPaths to ActionItem for execution

ActionItem now carries optional targetPaths so plan.execute can use
plan-carried targets instead of reconstructing execution intent from
findings. This improves execution reliability and enables proper restore
mappings for recovery items.

- Add targetPaths field to ActionItem domain model
- Update plan execution to prefer plan-carried targets with finding fallback
- Expand safe cache path fragments for direct-trash execution
- Add gate review documentation for ATL-211/212/215
- Bump protocol version to 0.3.0

Docs/README.md

@@ -29,6 +29,7 @@ This directory contains the working product, design, engineering, and compliance
 - `Execution/UI-Copy-Walkthrough-2026-03-09.md` — page-by-page UI copy glossary, consistency checklist, and acceptance guide
 - `Execution/Execution-Chain-Audit-2026-03-09.md` — end-to-end review of real vs scaffold execution paths and release-facing trust gaps
 - `Execution/Implementation-Plan-ATL-201-202-205-2026-03-12.md` — implementation plan for internal-beta hardening tasks ATL-201, ATL-202, and ATL-205
+- `Execution/Execution-Credibility-Gate-Review-2026-03-12.md` — gate review for ATL-211, ATL-212, and ATL-215 Smart Clean execution credibility work
 - `Execution/Smart-Clean-Execution-Coverage-2026-03-09.md` — user-facing summary of what Smart Clean can execute for real today
 - `Execution/Smart-Clean-QA-Checklist-2026-03-09.md` — QA checklist for scan, execute, rescan, and physical restore validation
 - `Execution/Smart-Clean-Manual-Verification-2026-03-09.md` — local-machine fixture workflow for validating real Smart Clean execution and restore