feat: Add CVSS receipt management endpoints and related functionality

- Introduced new API endpoints for creating, retrieving, amending, and listing CVSS receipts.
- Updated IPolicyEngineClient interface to include methods for CVSS receipt operations.
- Implemented PolicyEngineClient to handle CVSS receipt requests.
- Enhanced Program.cs to map new CVSS receipt routes with appropriate authorization.
- Added necessary models and contracts for CVSS receipt requests and responses.
- Integrated Postgres document store for managing CVSS receipts and related data.
- Updated database schema with new migrations for source documents and payload storage.
- Refactored existing components to support new CVSS functionality.

deploy/helm/stellaops/README-mock.md

@@ -0,0 +1,16 @@
+# Mock Overlay (Dev Only)
+
+Purpose: let deployment tasks progress with placeholder digests until real releases land.
+
+Use:
+```bash
+helm template mock ./deploy/helm/stellaops -f deploy/helm/stellaops/values-mock.yaml
+```
+
+Contents:
+- Mock deployments for orchestrator, policy-registry, packs-registry, task-runner, VEX Lens, issuer-directory, findings-ledger, vuln-explorer-api.
+- Image pins pulled from `deploy/releases/2025.09-mock-dev.yaml`.
+
+Notes:
+- Annotated with `stellaops.dev/mock: "true"` to discourage production use.
+- Swap to real values once official digests publish; keep mock overlay gated behind `mock.enabled`.