feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.

src/StellaOps.Scanner.Storage.Tests/StorageDualWriteFixture.cs

@@ -11,6 +11,7 @@ using StellaOps.Scanner.Storage.ObjectStore;
 using StellaOps.Scanner.Storage.Repositories;
 using StellaOps.Scanner.Storage.Services;
 using Xunit;
+using Microsoft.Extensions.Time.Testing;
 
 namespace StellaOps.Scanner.Storage.Tests;
 
@@ -34,21 +35,24 @@ public sealed class StorageDualWriteFixture
     {
         var options = BuildOptions(dualWrite: true, mirrorBucket: "mirror-bucket");
         var objectStore = new InMemoryArtifactObjectStore();
+        var fakeTime = new FakeTimeProvider(new DateTimeOffset(2025, 10, 19, 12, 0, 0, TimeSpan.Zero));
 
         await InitializeMongoAsync(options);
         var provider = new MongoCollectionProvider(_fixture.Database, Options.Create(options));
-        var artifactRepository = new ArtifactRepository(provider);
-        var lifecycleRepository = new LifecycleRuleRepository(provider);
+        var artifactRepository = new ArtifactRepository(provider, fakeTime);
+        var lifecycleRepository = new LifecycleRuleRepository(provider, fakeTime);
         var service = new ArtifactStorageService(
             artifactRepository,
             lifecycleRepository,
             objectStore,
             Options.Create(options),
-            NullLogger<ArtifactStorageService>.Instance);
+            NullLogger<ArtifactStorageService>.Instance,
+            fakeTime);
 
         var bytes = System.Text.Encoding.UTF8.GetBytes("test artifact payload");
         using var stream = new MemoryStream(bytes);
         var expiresAt = DateTime.UtcNow.AddHours(6);
+        var expectedTimestamp = fakeTime.GetUtcNow().UtcDateTime;
 
         var document = await service.StoreArtifactAsync(
             ArtifactDocumentType.LayerBom,
@@ -71,6 +75,8 @@ public sealed class StorageDualWriteFixture
         Assert.Equal(1, artifact.RefCount);
         Assert.Equal("compliance", artifact.TtlClass);
         Assert.True(artifact.Immutable);
+        Assert.Equal(expectedTimestamp, artifact.CreatedAtUtc);
+        Assert.Equal(expectedTimestamp, artifact.UpdatedAtUtc);
 
         var lifecycleCollection = _fixture.Database.GetCollection<LifecycleRuleDocument>(ScannerStorageDefaults.Collections.LifecycleRules);
         var lifecycle = await lifecycleCollection.Find(x => x.ArtifactId == document.Id).FirstOrDefaultAsync();
@@ -78,6 +84,7 @@ public sealed class StorageDualWriteFixture
         Assert.Equal("compliance", lifecycle!.Class);
         Assert.True(lifecycle.ExpiresAtUtc.HasValue);
         Assert.True(lifecycle.ExpiresAtUtc.Value <= expiresAt.AddSeconds(5));
+        Assert.Equal(expectedTimestamp, lifecycle.CreatedAtUtc);
     }
 
     [Fact]