feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.

tests/load/router/thresholds.json

@@ -0,0 +1,55 @@
+{
+  "description": "Router chaos test thresholds for SPRINT_5100_0005_0001",
+  "thresholds": {
+    "recovery_time_seconds": {
+      "max": 30,
+      "description": "Maximum time to recover after load spike"
+    },
+    "throttle_rate_max": {
+      "max": 0.95,
+      "description": "Maximum percentage of requests that can be throttled during spike"
+    },
+    "success_rate_baseline": {
+      "min": 0.99,
+      "description": "Minimum success rate during baseline load"
+    },
+    "success_rate_recovery": {
+      "min": 0.95,
+      "description": "Minimum success rate during recovery phase"
+    },
+    "retry_after_max_seconds": {
+      "max": 300,
+      "description": "Maximum Retry-After value in seconds"
+    },
+    "retry_after_min_seconds": {
+      "min": 1,
+      "description": "Minimum Retry-After value in seconds"
+    },
+    "response_time_p95_ms": {
+      "max": 5000,
+      "description": "95th percentile response time under normal load"
+    },
+    "data_loss_rate": {
+      "max": 0,
+      "description": "No data loss allowed during throttling"
+    }
+  },
+  "scenarios": {
+    "baseline": {
+      "expected_throttle_rate": 0.01,
+      "expected_success_rate": 0.99
+    },
+    "spike_10x": {
+      "expected_throttle_rate": 0.5,
+      "expected_success_rate": 0.5
+    },
+    "spike_50x": {
+      "expected_throttle_rate": 0.9,
+      "expected_success_rate": 0.1
+    },
+    "recovery": {
+      "expected_throttle_rate": 0.05,
+      "expected_success_rate": 0.95
+    }
+  }
+}