v0.2.2 - drift validation hardening
Folds in the validation fix that surfaced while wiring v0.2.1's
drift-gate end-to-end:
- Validate("drift") now accepts FAMLY_EMAIL+FAMLY_PASSWORD
(recommended for CI; refreshing token) in addition to the
static FAMLY_ACCESS_TOKEN. Matches Validate("fetch")'s logic.
- runDrift now calls Validate("drift") and fails fast when the
resolved token is empty, with an error message that names the
protected-variable / protected-ref mismatch as a likely cause.
No behaviour change for the binary's hot path; this lands the
clearer error messages and the corrected validation gate.
Posture and conditions of use unchanged: NOTICE.md.