v0.12.0 — Plugin Unification & Hardening

Plugin terminology unified — RunePackage → Plugin, loadRunePackage/mergePackages → loadPlugin/mergePlugins, config field site.packages[] → site.plugins[]. Repo layout moved from runes/{marketing,…}/ to plugins/{marketing,…}/. The deprecated top-level config.packages[] shorthand was removed in favour of the existing config.plugins[] which now covers both rune contributions and CLI commands.
Config follow-ups (WORK-176) — JSON Schema now published at a versioned URL (https://refrakt.md/schemas/v0.11/refrakt.config.schema.json) with the unversioned URL kept as a "latest" alias; create-refrakt scaffolds derive the versioned URL from the package version. RefraktConfig.contentDir, theme, and target typed as optional with adapter code migrated to resolveSite(). Flat-shape configs now emit a one-time deprecation warning with a v1.0 removal target. SiteConfig.target downgraded to documentation-only (no adapter validates or consumes it).
Security policy for transform pipeline (WORK-177) — opt-in SecurityPolicy with three tiers so hosted products can render untrusted author content with layered defences. Tier 1 ('strict') sanitises script/handler/iframe content in-package and ships a non-removable banner. Tier 2 adds an opaque-origin iframe with srcdoc + meta-CSP gating connect-src, form-action, img-src, script-src, style-src. Tier 3 supports a separate-origin sandbox endpoint with real CSP response headers. Default remains 'trusted' — no behaviour change for self-hosted users. Plugin authors honour the policy via config.variables.__securityPolicy.
Auto-migration of legacy packages config field — transform loader transparently rewrites packages: [...] to plugins: [...] so projects still on the old field keep working through the deprecation window.

No work items linked to this milestone.