docs: add Formula + Cook terminology and example formulas (gt-8tmz)

Updates to molecule-algebra.md:
- Added Formulas and Cooking section
- Four-tier model: Formula → cook → Proto → pour/wisp → Mol/Wisp
- Breaking Bad × Mad Max naming (Let's cook!)
- Updated vision diagram

New example formulas:
- shiny.formula.yaml (Engineer in a Box)
- rule-of-five.formula.yaml (Jeffrey's Rule expansion macro)
- security-audit.formula.yaml (AOP aspect)
- shiny-enterprise.formula.yaml (composed example)

.beads/formulas/security-audit.formula.yaml

@@ -0,0 +1,48 @@
+# security-audit.formula.yaml
+# AOP aspect for security scanning at implementation boundaries
+
+formula: security-audit
+type: aspect
+description: |
+  Cross-cutting security concern. Applies security scanning
+  before and after implementation steps.
+
+  This is an ASPECT - it doesn't run standalone. Apply it
+  to other formulas using --with-aspect.
+version: 1
+
+pointcuts:
+  - glob: "*.implement"
+  - glob: "*.submit"
+
+advice:
+  around:
+    before:
+      - id: security-prescan
+        description: |
+          Pre-implementation security check.
+
+          - Review for secrets/credentials in scope
+          - Check dependencies for known vulnerabilities
+          - Verify security requirements are understood
+        args:
+          target: "{step.id}"
+
+    after:
+      - id: security-postscan
+        description: |
+          Post-implementation security scan.
+
+          - Scan new code for vulnerabilities (SAST)
+          - Check for hardcoded secrets
+          - Verify auth/authz patterns
+          - Review for OWASP Top 10 issues
+        args:
+          target: "{step.id}"
+        output:
+          approved: boolean
+          findings: list
+
+      - gate:
+          condition: "security-postscan.output.approved == true"
+          message: "Security approval required before proceeding"