Push+continue form of analyze: every rule is analyzed
independently; per-rule errors are collected and the offending
rule is dropped from the returned AnalyzedRuleSet. The caller
uses Diagnostics::has_fatal at the stage boundary to decide
whether to bail or feed the (partial) set into the next stage —
today the compile pipeline always bails because every downstream
stage assumes a complete rule set, but the partial set is still
useful for the dry-run dump endpoint.