feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.

src/Gateway/StellaOps.Gateway.WebService/Services/GatewayHostedService.cs

@@ -119,7 +119,7 @@ public sealed class GatewayHostedService : IHostedService
 
     private void HandleTlsFrame(string connectionId, Frame frame)
     {
-        _ = HandleFrameAsync(TransportType.Tls, connectionId, frame);
+        _ = HandleFrameAsync(TransportType.Certificate, connectionId, frame);
     }
 
     private void HandleTcpDisconnection(string connectionId)
@@ -434,7 +434,7 @@ public sealed class GatewayHostedService : IHostedService
             return;
         }
 
-        if (transportType == TransportType.Tls)
+        if (transportType == TransportType.Certificate)
         {
             _tlsServer.GetConnection(connectionId)?.Close();
         }

src/Gateway/StellaOps.Gateway.WebService/Services/GatewayTransportClient.cs

@@ -144,7 +144,7 @@ public sealed class GatewayTransportClient : ITransportClient
             case TransportType.Tcp:
                 await _tcpServer.SendFrameAsync(connection.ConnectionId, frame, cancellationToken);
                 break;
-            case TransportType.Tls:
+            case TransportType.Certificate:
                 await _tlsServer.SendFrameAsync(connection.ConnectionId, frame, cancellationToken);
                 break;
             default: