feat: audit log of ref updates (pre/post-receive hook with structured event emission) #57

open Opened by cole.christensen@gmail.com

Every compliance-conscious customer asks for "who pushed what, when". We have hook slots in ReceivePack but no built-in structured audit emission — each consumer has to roll their own.

Scope

  • ReceivePack emits a telemetry span/event per ref update with: repo_id, ref, old_sha, new_sha, pusher_identity (caller-provided), timestamp, atomic_group_id, outcome (:ok | :rejected_by_hook | :cas_failed | :rolled_back).
  • Event fires after CAS succeeds, before post-receive hook, so a persistence subscriber has a canonical record.
  • Same for UploadPack on wants served? Optional — separate ticket if we decide yes.

Acceptance

  • Telemetry subscriber receives one event per ref in an atomic push, with correct atomic_group_id linking them.
  • A failed atomic push fires :rolled_back events for the whole group.

Related: existing #35 (outcome classification).
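
A check a persistence subscriber could run against the two acceptance criteria before committing audit records, written as an added example that is not part of the original issue or the project's code. It assumes an Elixir code base (suggested by the atom-style outcomes), events delivered as maps keyed by the field names listed under Scope, and a hypothetical module name `AuditGroupCheck`; the sample events are constructed.

```elixir
defmodule AuditGroupCheck do
  # Field names and outcome atoms come from the issue; the module name is hypothetical.
  @fields [:repo_id, :ref, :old_sha, :new_sha, :pusher_identity,
           :timestamp, :atomic_group_id, :outcome]
  @outcomes [:ok, :rejected_by_hook, :cas_failed, :rolled_back]

  # events: maps received for one atomic push; pushed_refs: the refs in that push.
  def check(events, pushed_refs) do
    errors =
      Enum.flat_map(events, &field_errors/1) ++
        coverage_errors(events, pushed_refs) ++ group_errors(events)

    if errors == [], do: :ok, else: {:error, errors}
  end

  defp field_errors(event) do
    missing = for f <- @fields, not Map.has_key?(event, f), do: {:missing_field, f}
    known? = event[:outcome] in @outcomes
    if known?, do: missing, else: missing ++ [{:bad_outcome, event[:outcome]}]
  end

  # Exactly one event per pushed ref: no gaps, no duplicates, no strays.
  defp coverage_errors(events, pushed_refs) do
    seen = Enum.frequencies_by(events, & &1[:ref])
    missing = for r <- pushed_refs, not Map.has_key?(seen, r), do: {:no_event_for_ref, r}
    extra = for {r, n} <- seen, n > 1 or r not in pushed_refs, do: {:unexpected_event, r, n}
    missing ++ extra
  end

  # One shared atomic_group_id, and the whole group is either :ok or :rolled_back.
  defp group_errors(events) do
    ids = events |> Enum.map(& &1[:atomic_group_id]) |> Enum.uniq()
    outcomes = events |> Enum.map(& &1[:outcome]) |> Enum.uniq()
    id_err = if length(ids) > 1, do: [{:split_group, ids}], else: []
    out_err = if outcomes in [[], [:ok], [:rolled_back]], do: [], else: [{:mixed_outcomes, outcomes}]
    id_err ++ out_err
  end
end

# Constructed sample: a two-ref atomic push whose events disagree on the outcome,
# which the "whole group is :rolled_back" criterion does not allow.
base = %{
  repo_id: "repo-1", old_sha: String.duplicate("0", 40), new_sha: String.duplicate("a", 40),
  pusher_identity: "alice", timestamp: ~U[2024-01-01 00:00:00Z], atomic_group_id: "g1"
}
events = [
  Map.merge(base, %{ref: "refs/heads/main", outcome: :ok}),
  Map.merge(base, %{ref: "refs/heads/dev", outcome: :rolled_back})
]
IO.inspect(AuditGroupCheck.check(events, ["refs/heads/main", "refs/heads/dev"]))
```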