Add CLAUDE.md defining operational boundaries for AI

[Tosinibikunle]

This document outlines strict operational boundaries and workflows for AI assistants and contributors in a Django REST Framework project, highlighting critical areas that require careful handling.
Fixes #4

[VictorVVedtion]

Thanks for the Django/DRF example @Tosinibikunle — the content quality is excellent, especially the auth/payments/migrations DANGER ZONES.

However, there's a compatibility issue with the Ouro Loop framework parser. framework.py's parse_claude_md() extracts BOUND data using specific header patterns and backtick-wrapped paths. The current format won't be parsed correctly:

What the parser expects (see examples/blockchain-l1/CLAUDE.md for reference):

## BOUND

### DANGER ZONES
- `accounts/` — Django auth app, never modify without security review
- `payments/webhooks.py` — Stripe signature verification
- `migrations/` — Applied migrations are immutable

### NEVER DO
- Never remove DRF permission classes from views
- Never hardcode secrets or API keys
- Never run `migrate --fake` without explicit instruction

### IRON LAWS
- All views must use permission classes (no AllowAny in production)
- Payment state transitions must follow the FSM
- Query optimization: select_related for FK, prefetch_related for M2M

Key differences to fix:

1. Add a ## BOUND parent header
2. Use exactly ### DANGER ZONES, ### NEVER DO, ### IRON LAWS as headers
3. Wrap file/directory paths in backticks (`accounts/`, `payments/`, `migrations/`)
4. Move the "Standard Development Boundaries" content into ### IRON LAWS

The restructured version would work with framework.py verify, prepare.py scan, and the new Sentinel module (v0.3.0) which inherits BOUND rules for autonomous code review.

Happy to help with the restructuring if you'd like!