feat: add GuardStepUp node type to node-type-registry

[pyramation]

Summary

Adds a new guard category to the node-type-registry with GuardStepUp — a BEFORE trigger node that enforces require_step_up() (recent password/MFA verification) before allowing DML operations.

// Blueprint usage:
{ $type: 'GuardStepUp', data: { events: ['UPDATE', 'DELETE'], step_up_type: 'password_or_mfa' } }

// With compound conditions (require step-up only when role changes to admin):
{ $type: 'GuardStepUp', data: {
    events: ['UPDATE'],
    conditions: { AND: [
      { field: 'role', op: '=', value: 'admin', row: 'NEW' },
      { field: 'role', op: '!=', value: 'admin', row: 'OLD' }
    ]}
}}

Uses the existing conditionDefs/conditionProperties from conditions/ for compound AND/OR/NOT support, watch_fields, and simple leaf conditions.

Added 'guard' to categoryOrder in generate-types.ts so GuardStepUpParams interface is emitted during codegen.

Mirrors the generator implementation in constructive-db #1541.

Link to Devin session: https://app.devin.ai/sessions/05f55404de8b435db075244b6edb4006
Requested by: @pyramation

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring