Use [Environment]::MachineName instead of $env:COMPUTERNAME

Live kernel NetBIOS name instead of the PowerShell process-env cache.

$env:COMPUTERNAME is populated when PowerShell starts and does not
update if the PC gets renamed (common on Intune-managed Autopilot /
AADJ devices that come up with a DESKTOP-XXXXXXXX name and get
renamed by policy post-imaging). Until the next reboot, the env var
stays stale while 'hostname.exe' already reports the new name.

That mismatch showed up live on the first production retrofit: the
status.json was written under _outputs/logs/DESKTOP-XXXXXXXX/
instead of under the device's current name, and the
TargetHostnames filter and monitor drift-check would likewise see
the stale name.

[Environment]::MachineName reads from the kernel on each call, so
it always returns the current NetBIOS name. Swapped at all five
callsites in GE-Enforce.ps1, Register-GEEnforce.ps1, and
Install-FromManifest.ps1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

playbook/shopfloor-setup/common/Register-GEEnforce.ps1

@@ -62,7 +62,7 @@ $action = New-ScheduledTaskAction `
 # FIPS 180-4 approved.
 $hostHash = [System.BitConverter]::ToUInt32(
     [System.Security.Cryptography.SHA256]::Create().ComputeHash(
-        [System.Text.Encoding]::UTF8.GetBytes($env:COMPUTERNAME)), 0)
+        [System.Text.Encoding]::UTF8.GetBytes([System.Environment]::MachineName)), 0)
 $offsetMin = $hostHash % 5     # 0..4
 
 $startToday = (Get-Date -Hour 0 -Minute $offsetMin -Second 0).AddSeconds(0)