Align package and manifest release metadata

[GsCommand]

Motivation

• Ensure package metadata and manifest naming are consistent so consumers and packaging tools see the same package identity.
• Make active-versus-pinned release status explicit and machine-readable to reduce ambiguity between the in-repo v1.1.0 family and the last pinned canonical v1.0.0 release.
• Clarify human-facing changelog wording to avoid accidentally describing a pre-pinning release as fully canonical.
• Keep final security/provenance wording for a later same-day pass and avoid changing SECURITY* content in this pass.

Description

• Updated package.json description to reference the active v1.1.0 schema family and added the keyword protocol-commons while removing legacy x402 positioning from keywords.
• Revised CHANGELOG.md wording to describe v1.1.0 as the active in-repo schema surface and to explicitly retain v1.0.0 as the last pinned canonical release until pinning is completed.
• Aligned manifest.json package name with package.json, simplified schemas_cid to a machine-readable PENDING value, and updated the description to reference the active v1.1.0 family.
• Added explicit machine-readable active_release and pinned_canonical_release objects in manifest.json (including version, status, schemas_root, commons_root, examples_root, schemas_cid, and pin_status) to make active vs pinned state clear for programmatic consumers.

Testing

• Ran npm run test:smoke:pack which executed the prepack checks and produced a successful package pack. (succeeded)
• Ran the alignment check node -e "const fs=require('fs'); const m=JSON.parse(fs.readFileSync('manifest.json','utf8')); const p=JSON.parse(fs.readFileSync('package.json','utf8')); if(m.name!==p.name) throw new Error('name mismatch'); if(m.active_release.version!==p.version) throw new Error('active release mismatch'); console.log('manifest/package metadata aligned:', {name:p.name, version:p.version, active:m.active_release.version, pinned:m.pinned_canonical_release.version});" which validated the name and active release version alignment. (succeeded)

---

Codex Task