docs: update ADR according to framework status

* Changes addressing Ty's concerns
* Fixed factual mismatches:
* Request format: Fixed from 4-field sub, act, obj, scope to actual 3-field sub, act, scope, with explanation of how S-A-O-C maps to it
* Policy format: Fixed from p = sub, act, obj, eft to p = sub, act, scope, eft
* New section "Authorization Model Configuration": Documents the actual model.conf (request, policy, role definitions, namespace convention, matcher logic)
* New section "Scope and Subject Polymorphism": Documents the registry pattern with ContentLibraryScope, CourseScope, UserSubject
* API structure: Updated from generic "api.py" to the three actual modules (permissions, roles, users)
* Deployment form: Changed from vague "shared library, Django app, or Tutor plugin" to specific "Django app registered as LMS+CMS plugin via entry_points"
* PolicyCacheControl: Documented the UUID-based cache invalidation mechanism
* Custom matchers: Mentioned is_staff_or_superuser registration
* Legacy compatibility: New consequence documenting the legacy_*_role_permissions pattern
* Cross-reference added

Author: mariajgrimaldi