feat(deck): add preview-only Steam Deck shell

[papi-ux]

Summary

• Adds a native Steam Deck preview shell under clients/deck/ with CMake/C++20 core tests and an optional Qt 6/QML UI.
• Renders deterministic preview-only host cards, a read-only Polaris library fixture, and controller-first focus/copy behavior.
• Adds a typed DeckLaunchIntentBoundary so launch intent data is explicit and blocked by default before any real execution path exists.

Scope

This PR is intentionally preview-only. It validates layout, controller focus/copy behavior, read-only shared Polaris contract data, and a typed launch-intent safety boundary.

It does not start Polaris, discover hosts, pair devices, persist HostStore data, call a network API, invoke Moonlight, spawn shell/processes, or launch a real game.

Validation

• git diff --check origin/master -> passed
• cmake --build build/deck-fallback-packaging -j$(nproc) -> passed
• ctest --test-dir build/deck-fallback-packaging --output-on-failure -> 1/1 passed
• cmake --build build/deck-qt-packaging -j$(nproc) -> passed
• ctest --test-dir build/deck-qt-packaging --output-on-failure -> 2/2 passed
• ./build/deck-qt-packaging/nova_deck_layout_test -> passed

Public/safety surface

• Added local/private paths: 0
• LAN/private host identifiers: 0
• Secret-looking assignments: 0
• Private key blocks: 0
• Added network APIs/calls: 0
• Added process-execution APIs: 0 real blockers

The only whole-branch exec scanner hit is Qt's normal application event loop: return app.exec();. That is not shell/process execution.