Add unit tests for SBOM ingestion and transformation

- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.

docs/modules/notify/resources/samples/airgap-bundle-import@1.sample.json

@@ -0,0 +1,29 @@
+{
+  "eventId": "99b40f9c-4a34-4a5f-9e1a-0c1e5a97c0bb",
+  "kind": "airgap.bundle.import",
+  "version": "1",
+  "tenant": "tenant-01",
+  "ts": "2025-10-30T22:05:18+00:00",
+  "actor": "airgap-importer",
+  "payload": {
+    "bundleId": "mirror-2025-10-30",
+    "importedAt": "2025-10-30T22:02:03Z",
+    "links": {
+      "audit": "https://authority.airgap.local/authority/audit/airgap/entries/mirror-2025-10-30",
+      "docs": "https://docs.stella-ops.org/airgap/airgap-mode.html#import"
+    },
+    "remediation": "Review bundle warnings and plan the next mirror export to keep advisories within the allowed freshness budget.",
+    "severity": "medium",
+    "status": "completed",
+    "warnings": [
+      {
+        "code": "feeds.outdated",
+        "message": "OSV feed is 2 days old; schedule next mirror export sooner."
+      }
+    ]
+  },
+  "attributes": {
+    "importer": "ops:olivia",
+    "category": "airgap"
+  }
+}

docs/modules/notify/resources/samples/airgap-portable-export-completed@1.sample.json

@@ -0,0 +1,40 @@
+{
+  "eventId": "6a9f4e37-5053-4a40-9761-5c0a0a857ee2",
+  "kind": "airgap.portable.export.completed",
+  "version": "1",
+  "tenant": "tenant-01",
+  "ts": "2025-11-02T21:45:12+00:00",
+  "actor": "export-center",
+  "payload": {
+    "bundleId": "portable-2025-11-02",
+    "checksum": {
+      "sha256": "f4f56c7d9a68ee4d4c324e7d782f9e2a3c1c4b2fa83f39c7c4b5f9f047d3af11",
+      "sha512": "c2d1b5ec4784f8cfe317aa7c501c7fd736b119f1d0d1eaa99bf3d6f4f70a85b7e699f356e2f3d3d8c536a8a6f2a506d1c2f458f8829b6f8d9c4abe0ac7edb5a1"
+    },
+    "exportedAt": "2025-11-02T21:43:05Z",
+    "links": {
+      "docs": "https://docs.stella-ops.org/airgap/portable-evidence.html",
+      "manifest": "https://authority.airgap.local/export/bundles/portable-2025-11-02/export.json"
+    },
+    "locations": [
+      {
+        "availableUntil": "2025-11-09T00:00:00Z",
+        "path": "/data/offline-kit/bootstrap/exports/portable/portable-2025-11-02.tar.zst",
+        "type": "file"
+      },
+      {
+        "reference": "registry.airgap.local/offline/portable@sha256:f4f56c7d9a68ee4d4c324e7d782f9e2a3c1c4b2fa83f39c7c4b5f9f047d3af11",
+        "type": "oci"
+      }
+    ],
+    "profile": "portable-evidence:mirror-full",
+    "remediation": "Distribute the portable evidence bundle to downstream enclaves before the freshness budget expires.",
+    "severity": "medium",
+    "sizeBytes": 73400320,
+    "status": "completed"
+  },
+  "attributes": {
+    "profile": "portable-evidence",
+    "category": "airgap"
+  }
+}

docs/modules/notify/resources/samples/airgap-time-drift@1.sample.json

@@ -0,0 +1,26 @@
+{
+  "eventId": "5cf2d3b2-9b90-4f7d-9a9a-54b8b5a5e3aa",
+  "kind": "airgap.time.drift",
+  "version": "1",
+  "tenant": "tenant-01",
+  "ts": "2025-10-31T06:15:00+00:00",
+  "actor": "airgap-time",
+  "payload": {
+    "anchorId": "anchor-2025-10-28",
+    "anchorIssuedAt": "2025-10-28T05:00:00Z",
+    "budgetSeconds": 259200,
+    "driftSeconds": 216000,
+    "links": {
+      "docs": "https://docs.stella-ops.org/airgap/staleness-and-time.html"
+    },
+    "nextAnchorDueBy": "2025-11-01T05:00:00Z",
+    "remainingSeconds": 43200,
+    "remediation": "Import the latest mirror bundle to refresh the time anchor or extend the budget via policy override before sealed mode blocks scheduled jobs.",
+    "severity": "high",
+    "status": "critical"
+  },
+  "attributes": {
+    "category": "airgap",
+    "anchorBudgetHours": "72"
+  }
+}