feat: Add CVSS receipt management endpoints and related functionality

- Introduced new API endpoints for creating, retrieving, amending, and listing CVSS receipts.
- Updated IPolicyEngineClient interface to include methods for CVSS receipt operations.
- Implemented PolicyEngineClient to handle CVSS receipt requests.
- Enhanced Program.cs to map new CVSS receipt routes with appropriate authorization.
- Added necessary models and contracts for CVSS receipt requests and responses.
- Integrated Postgres document store for managing CVSS receipts and related data.
- Updated database schema with new migrations for source documents and payload storage.
- Refactored existing components to support new CVSS functionality.

src/Policy/StellaOps.Policy.Gateway/Contracts/CvssContracts.cs

@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using StellaOps.Attestor.Envelope;
+using StellaOps.Policy.Scoring;
+using StellaOps.Policy.Scoring.Receipts;
+
+namespace StellaOps.Policy.Gateway.Contracts;
+
+public sealed record CreateCvssReceiptRequest(
+    [Required] string VulnerabilityId,
+    [Required] CvssPolicy Policy,
+    [Required] CvssBaseMetrics BaseMetrics,
+    CvssThreatMetrics? ThreatMetrics,
+    CvssEnvironmentalMetrics? EnvironmentalMetrics,
+    CvssSupplementalMetrics? SupplementalMetrics,
+    IReadOnlyList<CvssEvidenceItem>? Evidence,
+    EnvelopeKey? SigningKey,
+    string? CreatedBy,
+    DateTimeOffset? CreatedAt);
+
+public sealed record AmendCvssReceiptRequest(
+    [Required] string Field,
+    string? PreviousValue,
+    string? NewValue,
+    [Required] string Reason,
+    string? ReferenceUri,
+    EnvelopeKey? SigningKey,
+    string? Actor);
+
+public sealed record CvssReceiptHistoryResponse(
+    string ReceiptId,
+    IReadOnlyList<ReceiptHistoryEntry> History);