Dynamic context sizing for rule injection

[thomas-bartlett]

We need common ground on how much context CodeGuard should consume and what belongs in the core ruleset versus elsewhere.

Questions for input

• How do we decide what goes in the core rules — number of rules, depth of content per rule, and what gets cut?
• Should the served ruleset adjust to the model's context window, or stay fixed regardless of model? One option is tiered profiles (small / medium / large), but is that practical?
• Is it better to keep core rules lean and offload the full set to a subagent that has its own context?
• What standard or heuristic should we adopt for "acceptable context cost" of the rules?

Related: #36 (security-reviewer subagent) and #40 (evaluation harness) — sizing decisions should be testable there.