Phase B: route merges for Reports, Bundles, and bookmark redirects

Bundles route moved to /evidence/bundles:
- Add /evidence/bundles and /evidence/bundles/new routes loading existing
  TriageAuditBundlesComponent and TriageAuditBundleNewComponent
- /triage/audit-bundles and /triage/audit-bundles/new redirect to new paths

Security Reports merged into Security Posture:
- /security/reports redirects to /security (Security Posture page)
- Add Print/PDF button directly on Security Posture page header
- Reports page component retained for backward compat but no longer in sidebar or routes

All old routes have redirects to prevent bookmark breakage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/Web/StellaOps.Web/src/app/features/security-risk/security-risk-overview.component.ts

@@ -73,6 +73,7 @@ interface PlatformListResponse<T> {
           <p>Release-blocking posture, advisory freshness, and disposition confidence for the selected scope.</p>
         </div>
         <div class="header-actions">
+          <button type="button" class="btn btn-secondary" (click)="printReport()">Print / PDF</button>
           <a routerLink="/security/scan" queryParamsHandling="merge" class="btn btn-primary">Scan an Image</a>
           <a routerLink="/triage/artifacts" queryParamsHandling="merge" class="btn btn-secondary">View Active Findings</a>
         </div>
@@ -593,4 +594,8 @@ export class SecurityRiskOverviewComponent {
     if (environment) params = params.set('environment', environment);
     return params;
   }
+
+  printReport(): void {
+    window.print();
+  }
 }

src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts

@@ -106,4 +106,20 @@ export const EVIDENCE_ROUTES: Routes = [
     data: { breadcrumb: 'Audit Log' },
     loadChildren: () => import('../features/audit-log/audit-log.routes').then((m) => m.auditLogRoutes),
   },
+  {
+    path: 'bundles',
+    title: 'Audit Bundles',
+    data: { breadcrumb: 'Bundles' },
+    loadComponent: () =>
+      import('../features/triage/triage-audit-bundles.component').then((m) => m.TriageAuditBundlesComponent),
+  },
+  {
+    path: 'bundles/new',
+    title: 'Create Audit Bundle',
+    data: { breadcrumb: 'Create Bundle' },
+    loadComponent: () =>
+      import('../features/triage/triage-audit-bundle-new.component').then(
+        (m) => m.TriageAuditBundleNewComponent,
+      ),
+  },
 ];

src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts

@@ -128,15 +128,8 @@ export const SECURITY_RISK_ROUTES: Routes = [
         (m) => m.ScanPolicyComponent
       ),
   },
-  {
-    path: 'reports',
-    title: 'Security Reports',
-    data: { breadcrumb: 'Reports' },
-    loadComponent: () =>
-      import('../features/security/security-reports-page.component').then(
-        (m) => m.SecurityReportsPageComponent
-      ),
-  },
+  // Reports merged into Security Posture — redirect for bookmarks
+  { path: 'reports', redirectTo: '/security', pathMatch: 'full' },
   {
     path: 'findings',
     title: 'Findings Explorer',

src/Web/StellaOps.Web/src/app/routes/triage.routes.ts

@@ -20,22 +20,9 @@ export const TRIAGE_ROUTES: Routes = [
     loadComponent: () =>
       import('../features/triage/triage-workspace.component').then((m) => m.TriageWorkspaceComponent),
   },
-  {
-    path: 'audit-bundles/new',
-    title: 'Create Audit Bundle',
-    data: { breadcrumb: 'Create Bundle' },
-    loadComponent: () =>
-      import('../features/triage/triage-audit-bundle-new.component').then(
-        (m) => m.TriageAuditBundleNewComponent
-      ),
-  },
-  {
-    path: 'audit-bundles',
-    title: 'Audit Bundles',
-    data: { breadcrumb: 'Audit Bundles' },
-    loadComponent: () =>
-      import('../features/triage/triage-audit-bundles.component').then((m) => m.TriageAuditBundlesComponent),
-  },
+  // Audit bundles moved to /evidence/bundles — keep redirects for bookmarks
+  { path: 'audit-bundles/new', redirectTo: '/evidence/bundles/new', pathMatch: 'full' },
+  { path: 'audit-bundles', redirectTo: '/evidence/bundles', pathMatch: 'full' },
   {
     path: '**',
     redirectTo: 'artifacts',