Host-aware local-auth policy evaluation for enterprise SSO enforcement.
@type decision() :: :allow | {:deny, atom(), map()}