feat(zastava): add evidence locker plan and schema examples

- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.

ops/devops/tenant/jwks-chaos.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Simulate JWKS outage for chaos testing (DEVOPS-TEN-49-001)
+# Usage: JWKS_HOST=authority.local JWKS_PORT=8440 DURATION=300 ./jwks-chaos.sh
+set -euo pipefail
+HOST=${JWKS_HOST:-authority}
+PORT=${JWKS_PORT:-8440}
+DURATION=${DURATION:-300}
+
+rule_name=stellaops-jwks-chaos
+
+cleanup() {
+  sudo iptables -D OUTPUT -p tcp --dport "$PORT" -d "$HOST" -j DROP 2>/dev/null || true
+}
+trap cleanup EXIT
+
+sudo iptables -I OUTPUT -p tcp --dport "$PORT" -d "$HOST" -j DROP
+echo "JWKS traffic to ${HOST}:${PORT} dropped for ${DURATION}s" >&2
+sleep "$DURATION"
+cleanup