Add new features and tests for AirGap and Time modules

- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.

docs/modules/excititor/operations/chunk-api-user-guide.md

@@ -0,0 +1,24 @@
+# Using the Chunk API
+
+Endpoint: `POST /vex/evidence/chunks`
+- Content-Type: `application/x-ndjson`
+- See schema: `docs/modules/excititor/schemas/vex-chunk-api.yaml`
+
+Response: `202 Accepted`
+```json
+{ "chunk_digest": "sha256:…", "queue_id": "uuid" }
+```
+
+Operational notes
+- Deterministic hashing: server recomputes `chunk_digest` from canonical JSON; mismatches return 400.
+- Limits: default 500 items, max 2000 (aligned with Program.cs guard).
+- Telemetry: metrics under `StellaOps.Excititor.Chunks` (see chunk-telemetry.md).
+- Headers: correlation/trace headers echoed (`X-Stella-TraceId`, `X-Stella-CorrelationId`).
+
+Example curl
+```bash
+curl -X POST https://excitor.local/vex/evidence/chunks \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/x-ndjson" \
+  --data-binary @docs/samples/excititor/chunk-sample.ndjson
+```

docs/modules/excititor/operations/chunk-telemetry.md

@@ -0,0 +1,26 @@
+# Excititor Chunk Telemetry (Sprint 110)
+
+## Metrics (Meter: `StellaOps.Excititor.Chunks`)
+- `vex_chunks_ingested_total` (counter) — tags: `tenant`, `source`, `status` (`accepted|rejected`), `reason` (nullable for accepted). Increments per chunk submitted.
+- `vex_chunks_item_count` (histogram, unit=items) — records item count per chunk.
+- `vex_chunks_payload_bytes` (histogram, unit=bytes) — measured from NDJSON payload length.
+- `vex_chunks_latency_ms` (histogram) — end-to-end ingestion latency per request.
+
+## Logs
+- `vex.chunk.ingest.accepted` — includes `chunk_id`, `tenant`, `source`, `item_count`, `chunk_digest`.
+- `vex.chunk.ingest.rejected` — includes `chunk_id`, `tenant`, `source`, `reason`, validation errors (summarized).
+
+## Wiring steps
+1. Register `ChunkTelemetry` as singleton with shared `Meter` instance.
+2. In `/vex/evidence/chunks` handler, compute `chunk_digest` deterministically from canonical JSON and emit counters/histograms via `ChunkTelemetry`.
+3. Log using structured templates above; avoid request bodies in logs.
+4. Expose metrics via default ASP.NET metrics export (Prometheus/OpenTelemetry) already configured in WebService.
+
+## Determinism & offline posture
+- Do not include host-specific paths or timestamps in metric dimensions.
+- Histogram buckets: use standard OTEL defaults; no runtime-generated buckets.
+- Keep meter name stable; adding new instruments requires version note in sprint Decisions & Risks.
+
+## Ownership
+- Implementer: Excititor Observability Guild
+- Reviewers: Evidence Locker Guild (for parity with attestation metrics)