feat: Implement Runtime Facts ingestion service and NDJSON reader

- Added RuntimeFactsNdjsonReader for reading NDJSON formatted runtime facts.
- Introduced IRuntimeFactsIngestionService interface and its implementation.
- Enhanced Program.cs to register new services and endpoints for runtime facts.
- Updated CallgraphIngestionService to include CAS URI in stored artifacts.
- Created RuntimeFactsValidationException for validation errors during ingestion.
- Added tests for RuntimeFactsIngestionService and RuntimeFactsNdjsonReader.
- Implemented SignalsSealedModeMonitor for compliance checks in sealed mode.
- Updated project dependencies for testing utilities.

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/basic/app/main.rb

@@ -0,0 +1,27 @@
+require "net/http"
+require "yaml"
+require "oj"
+require "puma"
+require "rake"
+require "clockwork"
+require "resque"
+require "sidekiq"
+require "custom-gem"
+
+class ExampleJob < ActiveJob::Base
+  include Sidekiq::Worker
+
+  def perform(payload)
+    Kernel.system("echo #{payload}")
+    response = Net::HTTP.get(URI("https://scanner.example.invalid"))
+    Marshal.load(response)
+    YAML.load("---\nvalue: #{payload}")
+    Oj.load('{"a":1}')
+    Resque.enqueue(ExampleJob, payload)
+    Sidekiq::Client.push("class" => "ExampleJob", "args" => [payload])
+  end
+end
+
+Clockwork.every(1.minute, "heartbeat.job") do
+  system("echo heartbeat")
+end

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/basic/expected.json

@@ -6,10 +6,22 @@
     "name": "custom-gem",
     "version": "1.0.0",
     "type": "gem",
-    "usedByEntrypoint": false,
+    "usedByEntrypoint": true,
     "metadata": {
+      "capability.exec": "true",
+      "capability.net": "true",
+      "capability.scheduler": "activejob;clockwork;resque;sidekiq",
+      "capability.scheduler.activejob": "true",
+      "capability.scheduler.clockwork": "true",
+      "capability.scheduler.resque": "true",
+      "capability.scheduler.sidekiq": "true",
+      "capability.serialization": "true",
       "declaredOnly": "true",
       "lockfile": "vendor/cache/custom-gem-1.0.0.gem",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
       "source": "vendor-cache"
     },
     "evidence": [
@@ -27,10 +39,22 @@
     "name": "puma",
     "version": "6.4.2",
     "type": "gem",
-    "usedByEntrypoint": false,
+    "usedByEntrypoint": true,
     "metadata": {
+      "capability.exec": "true",
+      "capability.net": "true",
+      "capability.scheduler": "activejob;clockwork;resque;sidekiq",
+      "capability.scheduler.activejob": "true",
+      "capability.scheduler.clockwork": "true",
+      "capability.scheduler.resque": "true",
+      "capability.scheduler.sidekiq": "true",
+      "capability.serialization": "true",
       "declaredOnly": "true",
       "lockfile": "Gemfile.lock",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
       "source": "https://rubygems.org/"
     },
     "evidence": [
@@ -48,10 +72,22 @@
     "name": "rake",
     "version": "13.1.0",
     "type": "gem",
-    "usedByEntrypoint": false,
+    "usedByEntrypoint": true,
     "metadata": {
+      "capability.exec": "true",
+      "capability.net": "true",
+      "capability.scheduler": "activejob;clockwork;resque;sidekiq",
+      "capability.scheduler.activejob": "true",
+      "capability.scheduler.clockwork": "true",
+      "capability.scheduler.resque": "true",
+      "capability.scheduler.sidekiq": "true",
+      "capability.serialization": "true",
       "declaredOnly": "true",
       "lockfile": "Gemfile.lock",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
       "source": "https://rubygems.org/"
     },
     "evidence": [
@@ -62,4 +98,4 @@
       }
     ]
   }
-]
+]

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Lang/Ruby/RubyLanguageAnalyzerTests.cs

@@ -1,3 +1,4 @@
+using StellaOps.Scanner.Analyzers.Lang;
 using StellaOps.Scanner.Analyzers.Lang.Ruby;
 using StellaOps.Scanner.Analyzers.Lang.Tests.Harness;
 using StellaOps.Scanner.Analyzers.Lang.Tests.TestUtilities;
@@ -11,10 +12,13 @@ public sealed class RubyLanguageAnalyzerTests
     {
         var fixture = TestPaths.ResolveFixture("lang", "ruby", "basic");
         var golden = Path.Combine(fixture, "expected.json");
+        var usageHints = new LanguageUsageHints(new[] { Path.Combine(fixture, "app", "main.rb") });
+
         await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
             fixture,
             golden,
             new ILanguageAnalyzer[] { new RubyLanguageAnalyzer() },
-            cancellationToken: TestContext.Current.CancellationToken);
+            cancellationToken: TestContext.Current.CancellationToken,
+            usageHints: usageHints);
     }
 }

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/TestUtilities/JavaClassFileFactory.cs

@@ -65,6 +65,8 @@ public static class JavaClassFileFactory
         writer.WriteByte((byte)ConstantTag.Utf8); writer.WriteUtf8("(Ljava/lang/String;)Ljava/net/URL;"); // #13
         writer.WriteByte((byte)ConstantTag.NameAndType); writer.WriteUInt16(12); writer.WriteUInt16(13); // #14
         writer.WriteByte((byte)ConstantTag.Methodref); writer.WriteUInt16(11); writer.WriteUInt16(14); // #15
+        writer.WriteByte((byte)ConstantTag.Utf8); writer.WriteUtf8("dummy"); // #16
+        writer.WriteByte((byte)ConstantTag.String); writer.WriteUInt16(16); // #17
 
         writer.WriteUInt16(0x0001); // public
         writer.WriteUInt16(2); // this class