Add unit tests for SBOM ingestion and transformation

- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.

etc/bootstrap/notify/rules/airgap-ops.rule.json

@@ -0,0 +1,50 @@
+{
+  "schemaVersion": "notify.rule@1",
+  "ruleId": "rule-airgap-ops",
+  "tenantId": "bootstrap",
+  "name": "Air-gap operations alerts",
+  "description": "Send time-drift, bundle import, and portable export notifications with remediation steps.",
+  "enabled": true,
+  "match": {
+    "eventKinds": [
+      "airgap.time.drift",
+      "airgap.bundle.import",
+      "airgap.portable.export.completed"
+    ],
+    "minSeverity": "medium",
+    "labels": [],
+    "namespaces": [],
+    "repositories": [],
+    "digests": [],
+    "componentPurls": [],
+    "verdicts": [],
+    "kevOnly": false,
+    "vex": {
+      "includeAcceptedJustifications": true,
+      "includeRejectedJustifications": true,
+      "includeUnknownJustifications": true,
+      "justificationKinds": []
+    }
+  },
+  "actions": [
+    {
+      "actionId": "email-airgap-ops",
+      "channel": "email:airgap-ops",
+      "template": "airgap-ops",
+      "enabled": true,
+      "metadata": {
+        "locale": "en-us"
+      }
+    }
+  ],
+  "labels": {
+    "category": "airgap"
+  },
+  "metadata": {
+    "source": "bootstrap-pack"
+  },
+  "createdBy": "bootstrap-pack",
+  "createdAt": "2025-11-03T08:00:00Z",
+  "updatedBy": "bootstrap-pack",
+  "updatedAt": "2025-11-03T08:00:00Z"
+}