Add unit tests for SBOM ingestion and transformation

- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.

etc/authority.yaml.sample

@@ -65,6 +65,24 @@ notifications:
     scope: "notify.escalate"
     requireAdminScope: true
 
+vulnerabilityExplorer:
+  workflow:
+    antiForgery:
+      enabled: true
+      audience: "stellaops:vuln-workflow"
+      defaultLifetime: "00:10:00"
+      maxLifetime: "00:30:00"
+      maxContextEntries: 16
+      maxContextValueLength: 256
+  attachments:
+    enabled: true
+    payloadType: "application/vnd.stellaops.vuln-attachment-token+json"
+    defaultLifetime: "00:30:00"
+    maxLifetime: "04:00:00"
+    maxMetadataEntries: 16
+    maxMetadataValueLength: 512
+    # Authority signs attachment tokens; Policy/UI must call verify before honouring downloads.
+
 delegation:
   quotas:
     # Maximum concurrent delegated (service account) tokens per tenant.
@@ -81,6 +99,7 @@ delegation:
       authorizedClients:
         - "export-center-worker"
       attributes:
+        # Keys map to vulnerability ABAC parameters (vuln_env / vuln_owner / vuln_business_tier).
         env: [ "prod", "stage" ]
         owner: [ "secops" ]
         business_tier: [ "tier-1" ]