feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.

src/Scanner/StellaOps.Scanner.Worker/Program.cs

@@ -161,6 +161,33 @@ builder.Services.AddSingleton<IScanStageExecutor, Reachability.ReachabilityBuild
 builder.Services.AddSingleton<IScanStageExecutor, Reachability.ReachabilityPublishStageExecutor>();
 builder.Services.AddSingleton<IScanStageExecutor, EntropyStageExecutor>();
 
+// Verdict push infrastructure (Sprint: SPRINT_4300_0001_0001_oci_verdict_attestation_push)
+if (workerOptions.VerdictPush.Enabled)
+{
+    builder.Services.AddSingleton(sp =>
+    {
+        var opts = sp.GetRequiredService<IOptions<ScannerWorkerOptions>>().Value.VerdictPush;
+        return new StellaOps.Scanner.Storage.Oci.OciRegistryOptions
+        {
+            DefaultRegistry = opts.DefaultRegistry,
+            AllowInsecure = opts.AllowInsecure,
+            Auth = new StellaOps.Scanner.Storage.Oci.OciRegistryAuthOptions
+            {
+                Username = opts.Auth.Username,
+                Password = opts.Auth.Password,
+                Token = opts.Auth.Token,
+                AllowAnonymousFallback = opts.Auth.AllowAnonymousFallback
+            }
+        };
+    });
+    builder.Services.AddHttpClient<StellaOps.Scanner.Storage.Oci.OciArtifactPusher>(client =>
+    {
+        client.Timeout = workerOptions.VerdictPush.Timeout;
+    });
+    builder.Services.AddSingleton<StellaOps.Scanner.Storage.Oci.VerdictOciPublisher>();
+    builder.Services.AddSingleton<IScanStageExecutor, Processing.VerdictPushStageExecutor>();
+}
+
 builder.Services.AddSingleton<ScannerWorkerHostedService>();
 builder.Services.AddHostedService(sp => sp.GetRequiredService<ScannerWorkerHostedService>());