feat: Implement BerkeleyDB reader for RPM databases

- Added BerkeleyDbReader class to read and extract RPM header blobs from BerkeleyDB hash databases.
- Implemented methods to detect BerkeleyDB format and extract values, including handling of page sizes and magic numbers.
- Added tests for BerkeleyDbReader to ensure correct functionality and header extraction.

feat: Add Yarn PnP data tests

- Created YarnPnpDataTests to validate package resolution and data loading from Yarn PnP cache.
- Implemented tests for resolved keys, package presence, and loading from cache structure.

test: Add egg-info package fixtures for Python tests

- Created egg-info package fixtures for testing Python analyzers.
- Included PKG-INFO, entry_points.txt, and installed-files.txt for comprehensive coverage.

test: Enhance RPM database reader tests

- Added tests for RpmDatabaseReader to validate fallback to legacy packages when SQLite is missing.
- Implemented helper methods to create legacy package files and RPM headers for testing.

test: Implement dual signing tests

- Added DualSignTests to validate secondary signature addition when configured.
- Created stub implementations for crypto providers and key resolvers to facilitate testing.

chore: Update CI script for Playwright Chromium installation

- Modified ci-console-exports.sh to ensure deterministic Chromium binary installation for console exports tests.
- Added checks for Windows compatibility and environment variable setups for Playwright browsers.

src/Web/StellaOps.Web/scripts/ci-console-exports.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Runs the console exports Karma specs with a deterministic Chromium binary.
+# Installs the Playwright Chromium browser into the cache if not present.
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+NODE_BIN="${NODE_BIN:-$(command -v node || true)}"
+# Fallback for Windows-hosted shells where node.exe isn't on the WSL PATH.
+if [[ -z "$NODE_BIN" && -x "/mnt/c/Program Files/nodejs/node.exe" ]]; then
+  NODE_BIN="/mnt/c/Program Files/nodejs/node.exe"
+fi
+WINDOWS_NODE=0
+if [[ "$NODE_BIN" == *.exe || "$NODE_BIN" == /mnt/c/* || "$NODE_BIN" == /c/* ]]; then
+  WINDOWS_NODE=1
+fi
+if [[ -z "$NODE_BIN" ]]; then
+  echo "node executable not found; set NODE_BIN or ensure Node.js is on PATH." >&2
+  exit 1
+fi
+
+# Convert project path for Windows node.exe so module resolution works.
+if [[ "$WINDOWS_NODE" -eq 1 ]]; then
+  if command -v wslpath >/dev/null 2>&1; then
+    ROOT_FOR_NODE="$(wslpath -m "$ROOT_DIR")"
+  elif command -v cygpath >/dev/null 2>&1; then
+    ROOT_FOR_NODE="$(cygpath -m "$ROOT_DIR")"
+  else
+    ROOT_FOR_NODE="$ROOT_DIR"
+  fi
+else
+  ROOT_FOR_NODE="$ROOT_DIR"
+fi
+
+export PATH="$ROOT_FOR_NODE/node_modules/.bin:$PATH"
+if [[ "$WINDOWS_NODE" -eq 1 ]]; then
+  WIN_HOME="${USERPROFILE:-}"
+  if [[ -z "$WIN_HOME" && -d "/mnt/c/Users/${USER:-}" ]]; then
+    WIN_HOME="$(wslpath -m "/mnt/c/Users/${USER:-}")"
+  fi
+  if [[ -z "$WIN_HOME" && -n "${HOME:-}" && -x "$(command -v wslpath 2>/dev/null)" ]]; then
+    WIN_HOME="$(wslpath -m "$HOME" | sed 's#/[^/]*$##')"
+  fi
+  DEFAULT_PW_PATH="$( [[ -n "$WIN_HOME" ]] && printf '%s/AppData/Local/ms-playwright' "$WIN_HOME" || printf 'C:/Users/Default/AppData/Local/ms-playwright' )"
+  export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-$DEFAULT_PW_PATH}"
+  PW_SEARCH_PATH="$(command -v wslpath >/dev/null 2>&1 && wslpath "$PLAYWRIGHT_BROWSERS_PATH" || printf '%s' "$PLAYWRIGHT_BROWSERS_PATH")"
+else
+  export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-$HOME/.cache/ms-playwright}"
+  PW_SEARCH_PATH="$PLAYWRIGHT_BROWSERS_PATH"
+fi
+export NG_PERSISTENT_BUILD_CACHE="${NG_PERSISTENT_BUILD_CACHE:-1}"
+
+# Ensure Chromium is available (offline-friendly cache path is respected by PLAYWRIGHT_BROWSERS_PATH).
+"$NODE_BIN" "$ROOT_FOR_NODE/node_modules/@playwright/test/cli.js" install chromium >/dev/null
+
+# Resolve the Chromium binary using the shared helper.
+if [[ -n "${CHROME_BIN:-}" && -x "${CHROME_BIN}" ]]; then
+  CHROME_BIN="${CHROME_BIN}"
+else
+  CHROME_BIN="$("$NODE_BIN" -e "const { resolveChromeBinary } = require('${ROOT_FOR_NODE}/scripts/chrome-path'); const p = resolveChromeBinary('${ROOT_FOR_NODE}'); if (!p) { process.exit(1); } console.log(p);")" || true
+  if [[ -z "${CHROME_BIN:-}" ]]; then
+    CHROME_BIN="$(ls "$PW_SEARCH_PATH"/chromium-*/chrome-win/chrome.exe 2>/dev/null | head -n1 || true)"
+  fi
+  if [[ -z "${CHROME_BIN:-}" ]]; then
+    echo "Failed to locate Chromium binary; set CHROME_BIN or install Playwright browsers." >&2
+    exit 1
+  fi
+  if [[ "$WINDOWS_NODE" -eq 1 && -x "$(command -v wslpath 2>/dev/null)" ]]; then
+    CHROME_BIN_WIN="$(wslpath -m "$CHROME_BIN")"
+    CHROME_BIN="$CHROME_BIN_WIN"
+  fi
+fi
+export CHROME_BIN
+export STELLAOPS_CHROMIUM_BIN="$CHROME_BIN"
+if [[ "$WINDOWS_NODE" -eq 1 ]]; then
+  export WSLENV="${WSLENV:-}:CHROME_BIN/p:STELLAOPS_CHROMIUM_BIN/p:PLAYWRIGHT_BROWSERS_PATH/p:NG_PERSISTENT_BUILD_CACHE"
+fi
+
+# Run only the console exports specs to keep CI fast and deterministic.
+"$NODE_BIN" "$ROOT_FOR_NODE/node_modules/@angular/cli/bin/ng.js" test \
+  --watch=false \
+  --browsers=ChromeHeadlessOffline \
+  --progress=false \
+  --include src/app/core/api/console-export.client.spec.ts \
+  --include src/app/core/console/console-export.store.spec.ts \
+  --include src/app/core/console/console-export.service.spec.ts