Implement VEX document verification system with issuer management and signature verification

- Added IIssuerDirectory interface for managing VEX document issuers, including methods for registration, revocation, and trust validation.
- Created InMemoryIssuerDirectory class as an in-memory implementation of IIssuerDirectory for testing and single-instance deployments.
- Introduced ISignatureVerifier interface for verifying signatures on VEX documents, with support for multiple signature formats.
- Developed SignatureVerifier class as the default implementation of ISignatureVerifier, allowing extensibility for different signature formats.
- Implemented handlers for DSSE and JWS signature formats, including methods for verification and signature extraction.
- Defined various records and enums for issuer and signature metadata, enhancing the structure and clarity of the verification process.

docs/modules/policy/samples/policy-normalized-field-removal-before.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://stellaops.org/schemas/policy/scoring-result-v1.json",
+  "description": "Sample scoring result BEFORE normalized field removal (legacy format)",
+  "scoring_result": {
+    "finding_id": "CVE-2024-1234",
+    "tenant_id": "default",
+    "profile_id": "risk-profile-001",
+    "profile_version": "1.2.0",
+    "raw_score": 7.5,
+    "normalized_score": 0.75,
+    "severity": "high",
+    "signal_values": {
+      "cvss_base": 7.5,
+      "exploitability": 2.8,
+      "impact": 5.9
+    },
+    "scored_at": "2025-12-06T10:00:00Z"
+  },
+  "decision_summary": {
+    "total_decisions": 5,
+    "total_conflicts": 1,
+    "severity_counts": {
+      "critical": 0,
+      "high": 3,
+      "medium": 2,
+      "low": 0
+    },
+    "top_severity_sources": [
+      {
+        "source": "nvd",
+        "total_weight": 1.0,
+        "finding_count": 3
+      },
+      {
+        "source": "vendor-advisory",
+        "total_weight": 0.8,
+        "finding_count": 2
+      }
+    ]
+  }
+}