feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules

- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.

docs/modules/signer/README.md

@@ -0,0 +1,30 @@
+# StellaOps Signer
+
+Signer validates callers, enforces Proof-of-Entitlement, and produces signed DSSE bundles for SBOMs, reports, and exports.
+
+## Responsibilities
+- Enforce plan quotas and PoE before signing artifacts.
+- Support keyless and keyful signing backends.
+- Emit DSSE payloads consumed by Attestor and downstream bundles.
+- Maintain audit trails for all signing operations.
+
+## Key components
+- `StellaOps.Signer` service host.
+- Crypto providers under `StellaOps.Cryptography.*`.
+
+## Integrations & dependencies
+- Authority for OpTok validation.
+- Attestor for transparency logging.
+- Export Center and CLI for artifact signing flows.
+
+## Operational notes
+- Key management via Authority/DevOps runbooks.
+- Metrics for signing latency/throttle states.
+- Offline kit integration for signature verification.
+
+## Backlog references
+- SIG docs/tasks in ../../TASKS.md (e.g., DOCS-SIG-26-006).
+
+## Epic alignment
+- **Epic 10 – Export Center:** provide signing pipelines, cosign interoperability, and provenance manifests for bundle promotion.
+- **Epic 19 – Attestor Console:** supply DSSE payloads and Proof-of-Entitlement enforcement feeding attestation workflows described in `docs/modules/attestor/`.