docs: add ADR-017 (track the three repo-policy rules)

[tikankika]

Documents the decision behind PR #30 — why data-protection.md, internal-docs-boundary.md and publish-readiness.md are tracked in .claude/rules/ while the rest of .claude/ stays git-ignored.

Why now

The rule files were tracked in #30, but the rationale was never written down — so the decision read as "these are public and I don't know why". This ADR fixes that.

What it records

• Decision: track exactly those three rules via an explicit .gitignore allowlist (fails closed); keep process rules, acdm.json, .mcp.json, CLAUDE.md ignored.
• Rationale: protection travels with the repo (the inverse of ADR-015) — a clone or fork should carry the rules that keep the repo safe.
• Alternatives: ignore-all / track-all / track-the-three, with pros and cons.
• Safety precondition: the three files were reviewed as public-safe (no PII, no real paths, no secrets — generic placeholders only) before tracking.
• Forward rule: a new rule joins the tracked set only if it describes the repo / is read by repo-tooling and passes the same public-safe review.

First ADR physically in the repo (docs/decisions/); the historical set still lives in the internal docs.

🤖 Generated with Claude Code