feat: Enhance MongoDB storage with event publishing and outbox support

- Added `MongoAdvisoryObservationEventPublisher` and `NatsAdvisoryObservationEventPublisher` for event publishing.
- Registered `IAdvisoryObservationEventPublisher` to choose between NATS and MongoDB based on configuration.
- Introduced `MongoAdvisoryObservationEventOutbox` for outbox pattern implementation.
- Updated service collection to include new event publishers and outbox.
- Added a new hosted service `AdvisoryObservationTransportWorker` for processing events.

feat: Update project dependencies

- Added `NATS.Client.Core` package to the project for NATS integration.

test: Add unit tests for AdvisoryLinkset normalization

- Created `AdvisoryLinksetNormalizationConfidenceTests` to validate confidence score calculations.

fix: Adjust confidence assertion in `AdvisoryObservationAggregationTests`

- Updated confidence assertion to allow a range instead of a fixed value.

test: Implement tests for AdvisoryObservationEventFactory

- Added `AdvisoryObservationEventFactoryTests` to ensure correct mapping and hashing of observation events.

chore: Configure test project for Findings Ledger

- Created `Directory.Build.props` for test project configuration.
- Added `StellaOps.Findings.Ledger.Exports.Unit.csproj` for unit tests related to findings ledger exports.

feat: Implement export contracts for findings ledger

- Defined export request and response contracts in `ExportContracts.cs`.
- Created various export item records for findings, VEX, advisories, and SBOMs.

feat: Add export functionality to Findings Ledger Web Service

- Implemented endpoints for exporting findings, VEX, advisories, and SBOMs.
- Integrated `ExportQueryService` for handling export logic and pagination.

test: Add tests for Node language analyzer phase 22

- Implemented `NodePhase22SampleLoaderTests` to validate loading of NDJSON fixtures.
- Created sample NDJSON file for testing.

chore: Set up isolated test environment for Node tests

- Added `node-isolated.runsettings` for isolated test execution.
- Created `node-tests-isolated.sh` script for running tests in isolation.

docs/samples/lnm/linkset-lnm-21-002-conflict.json

@@ -0,0 +1,74 @@
+{
+  "_id": "sha256:7b0c471f0b2c4c5f9e19f7bff4c3d9e4e7b2cbf7d5c3e0a58a0cc3314d2c9a10",
+  "tenantId": "urn:tenant:123e4567-e89b-12d3-a456-426614174000",
+  "advisoryId": "GHSA-aaaa-bbbb-cccc",
+  "source": "lnm-correlator",
+  "observations": [
+    "6560606df3c5d6ad3b5b0001",
+    "6560606df3c5d6ad3b5b0002",
+    "6560606df3c5d6ad3b5b0003"
+  ],
+  "key": {
+    "vulnerabilityId": "GHSA-aaaa-bbbb-cccc",
+    "productKey": "pkg:npm/leftpad",
+    "confidence": 0.63
+  },
+  "normalized": {
+    "purls": ["pkg:npm/leftpad"],
+    "versions": ["1.3.0", "1.4.0"],
+    "ranges": [
+      {"type": "semver", "events": [{"introduced": "0"}, {"fixed": "1.3.0"}]},
+      {"type": "semver", "events": [{"introduced": "1.3.0"}, {"fixed": "1.5.0"}]}
+    ],
+    "severities": [
+      {"system": "cvssv3", "score": 5.0, "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},
+      {"system": "cvssv4", "score": 4.8, "vector": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}
+    ]
+  },
+  "conflicts": [
+    {
+      "field": "severity",
+      "reason": "severity-mismatch",
+      "values": [
+        "vendorA:7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+        "vendorB:5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"
+      ]
+    },
+    {
+      "field": "affected",
+      "reason": "affected-range-divergence",
+      "values": [
+        "vendorA:[0,1.3.0]",
+        "vendorB:[1.3.0,1.5.0]",
+        "vendorC:1.4.x only"
+      ]
+    },
+    {
+      "field": "aliases",
+      "reason": "alias-inconsistency",
+      "values": [
+        "vendorA:GHSA-aaaa-bbbb-cccc",
+        "vendorB:CVE-2024-11111"
+      ]
+    },
+    {
+      "field": "references",
+      "reason": "reference-clash",
+      "values": [
+        "vendorA:https://blog.example.com/advisory",
+        "vendorB:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11111"
+      ]
+    }
+  ],
+  "provenance": {
+    "observationHashes": [
+      "8f0f9406349e62a7a9c28b24ec77cbb3b2a13f57d8dc2ed594a2c3fe6edbe201",
+      "0e3ae50c3b2ab9e0ec2bf531d1a61583d79b4b0abeb8ec59269afeb7b8b5f050",
+      "8c87cfcc22ebb7fa6e0c0e9e3d1de0d812e2fd6b05e8c6b0f2c8c7b7f988aaa2"
+    ],
+    "toolVersion": "lnm-21-002",
+    "policyHash": "linkset-correlation-21-002"
+  },
+  "createdAt": "2025-11-20T15:10:00Z",
+  "builtByJobId": "corr-tenant123-ghsa-aaaa-bbbb-cccc"
+}

docs/samples/lnm/linkset-lnm-21-002-sample.json

@@ -0,0 +1,36 @@
+{
+  "_id": "sha256:1f4b6e7c9d5f4e8f4973c8c3dfe1d1d3b4f0ad8991e7d937c6c1d77a9e4b8a21",
+  "tenantId": "urn:tenant:123e4567-e89b-12d3-a456-426614174000",
+  "advisoryId": "CVE-2024-99999",
+  "source": "lnm-correlator",
+  "observations": [
+    "6560606df3c5d6ad3b5a1234",
+    "6560606df3c5d6ad3b5a5678"
+  ],
+  "key": {
+    "vulnerabilityId": "CVE-2024-99999",
+    "productKey": "pkg:npm/lodash",
+    "confidence": 0.92
+  },
+  "normalized": {
+    "purls": ["pkg:npm/lodash"],
+    "versions": ["4.17.21"],
+    "ranges": [
+      {"type": "semver", "events": [{"introduced": "0"}, {"fixed": "4.17.22"}]}
+    ],
+    "severities": [
+      {"system": "cvssv3", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}
+    ]
+  },
+  "conflicts": [],
+  "provenance": {
+    "observationHashes": [
+      "10f4fc0b5c1a1d4c266fafd2b4f45618f6a0a4b86087c3e67e4c1a2c8f38e990",
+      "10f4fc0b5c1a1d4c266fafd2b4f45618f6a0a4b86087c3e67e4c1a2c8f38e991"
+    ],
+    "toolVersion": "lnm-21-002",
+    "policyHash": "linkset-correlation-21-002"
+  },
+  "createdAt": "2025-11-20T15:05:00Z",
+  "builtByJobId": "corr-tenant123-cve-2024-99999"
+}