feat: implement Phase 1 — Lustre codegen pipeline with WCET analysis

Implement the full lustreiser code generation pipeline:

- Manifest: [project], [[nodes]] with typed/rated signals, [target]
  (arm-cortex-m/riscv/x86 + DO-178C/IEC-61508/ISO-26262), [timing]
- Codegen: parser.rs (validate node definitions), lustre_gen.rs
  (generate .lus files with pre/fby/when/merge clock operators),
  c_gen.rs (generate deterministic C with state structs and step functions)
- ABI: LustreNode, Clock, TemporalOperator, Signal, SignalType,
  SafetyStandard, WCET, EmbeddedTarget — all with validation and Display
- Tests: 36 unit tests + 8 integration tests covering flight controller,
  ABS controller, industrial safety interlock, multi-rate sensor fusion,
  manifest validation, init template, and x86 simulation
- Example: flight-controller/ with multi-node avionics manifest

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

Cargo.lock

@@ -0,0 +1,47 @@
+= Flight Controller Example
+// SPDX-License-Identifier: PMPL-1.0-or-later
+
+A simplified fixed-wing aircraft flight controller demonstrating lustreiser's
+core capabilities:
+
+* **Multi-node decomposition**: attitude control + navigation filter
+* **Multi-rate signals**: GPS at 10Hz vs IMU at 200Hz (clock calculus)
+* **DO-178C compliance**: avionics safety standard with WCET analysis
+* **Deterministic C output**: suitable for ARM Cortex-M bare-metal
+
+== Running
+
+[source,bash]
+----
+# Validate the manifest
+lustreiser validate -m examples/flight-controller/lustreiser.toml
+
+# Generate Lustre and C code
+lustreiser generate -m examples/flight-controller/lustreiser.toml \
+    -o generated/flight-controller
+
+# Inspect generated files
+ls generated/flight-controller/
+# attitude_ctrl.lus  attitude_ctrl.h  attitude_ctrl.c
+# nav_filter.lus     nav_filter.h     nav_filter.c
+# wcet_report.txt
+----
+
+== Architecture
+
+----
+ IMU (200Hz)          GPS (10Hz)       Barometer (40Hz)
+   |                    |                   |
+   v                    v                   v
++------------------+  +---------------------+
+| attitude_ctrl    |  | nav_filter          |
+| (5ms period)     |  | (5ms period,        |
+|                  |  |  multi-rate inputs)  |
+| pitch_err -----> elevator_cmd  |          |
+| roll_err  -----> aileron_cmd   |          |
+| yaw_err   -----> rudder_cmd    |          |
++------------------+  +---------------------+
+                         |
+                    est_lat, est_lon,
+                    est_alt, est_heading
+----

examples/flight-controller/README.adoc

@@ -0,0 +1,79 @@
+# lustreiser manifest — Flight controller example
+# SPDX-License-Identifier: PMPL-1.0-or-later
+#
+# This manifest describes a simplified flight controller for a fixed-wing
+# aircraft. It demonstrates:
+#   - Multi-node decomposition (attitude control + navigation filter)
+#   - Multi-rate signals (GPS at 10Hz vs IMU at 200Hz)
+#   - DO-178C avionics safety standard
+#   - Tight WCET deadline (5ms)
+#
+# Usage:
+#   lustreiser validate -m examples/flight-controller/lustreiser.toml
+#   lustreiser generate -m examples/flight-controller/lustreiser.toml -o generated/flight-controller
+
+[project]
+name = "flight-controller"
+version = "1.0.0"
+
+# --- Attitude control node ---
+# Runs at 200Hz (5ms period). Takes Euler angle errors from the INS
+# and computes control surface deflection commands.
+[[nodes]]
+name = "attitude_ctrl"
+inputs = [
+    "pitch_err:real",
+    "roll_err:real",
+    "yaw_err:real",
+    "airspeed:real",
+]
+outputs = [
+    "elevator_cmd:real",
+    "aileron_cmd:real",
+    "rudder_cmd:real",
+]
+
+[nodes.clock]
+base-period-ms = 5
+
+# --- Navigation filter node ---
+# Runs at 200Hz base clock, but GPS inputs are sampled at 10Hz (every 20 ticks).
+# This requires Lustre clock calculus (when/merge) to handle rate adaptation.
+[[nodes]]
+name = "nav_filter"
+inputs = [
+    "imu_accel_x:real",
+    "imu_accel_y:real",
+    "imu_accel_z:real",
+    "imu_gyro_x:real",
+    "imu_gyro_y:real",
+    "imu_gyro_z:real",
+    "gps_lat:real@20",
+    "gps_lon:real@20",
+    "gps_alt:real@20",
+    "baro_alt:real@5",
+]
+outputs = [
+    "est_lat:real",
+    "est_lon:real",
+    "est_alt:real",
+    "est_heading:real",
+]
+
+[nodes.clock]
+base-period-ms = 5
+
+# --- Target platform ---
+# ARM Cortex-M7 (e.g. STM32H743) with hardware FPU.
+# Certified to DO-178C Level A (catastrophic failure condition).
+[target]
+platform = "arm-cortex-m"
+safety-standard = "DO-178C"
+
+# --- Timing constraints ---
+# 5ms period => 5000us deadline.
+# WCET analysis enabled: the generator will produce a static estimate
+# and flag any node that risks exceeding the deadline.
+[timing]
+deadline-us = 5000
+wcet-analysis = true