feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.

src/__Libraries/StellaOps.Testing.Manifests/StellaOps.Testing.Manifests.csproj

@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Json.Schema.Net" Version="7.2.0" />
+    <PackageReference Include="JsonSchema.Net" Version="7.2.0" />
     <PackageReference Include="System.Collections.Immutable" Version="9.0.0" />
   </ItemGroup>
 

src/__Libraries/StellaOps.Testing.Manifests/Validation/RunManifestValidator.cs

@@ -24,11 +24,11 @@ public sealed class RunManifestValidator : IRunManifestValidator
 
         var json = RunManifestSerializer.Serialize(manifest);
         var schemaResult = _schema.Evaluate(JsonDocument.Parse(json));
-        if (!schemaResult.IsValid)
+        if (!schemaResult.IsValid && schemaResult.Errors is not null)
         {
             foreach (var error in schemaResult.Errors)
             {
-                errors.Add(new ValidationError("Schema", error.Message));
+                errors.Add(new ValidationError("Schema", error.Value ?? "Unknown error"));
             }
         }