feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.

docs/api/scanner/README.md

@@ -0,0 +1,18 @@
+# Scanner API Docs — Windows/macOS Coverage (Draft)
+
+This directory collects interim artefacts tracking customer demand and roadmap readiness for extending Scanner coverage to Windows and macOS.
+
+## Files
+- `windows-coverage.md` — narrative summary of customer signals and required artefacts.
+- `windows-macos-summary.md` — dashboard-style snapshot (counts, cross-references) updated after each discovery cycle.
+
+## Related resources
+- `../../modules/scanner/design/README.md`
+- `../../benchmarks/scanner/windows-macos-demand.md`
+- `../../benchmarks/scanner/windows-macos-interview-template.md`
+- `../../modules/scanner/design/macos-analyzer.md`
+- `../../modules/scanner/design/windows-analyzer.md`
+- `../../modules/policy/windows-package-readiness.md`
+- `../../modules/policy/secret-leak-detection-readiness.md`
+
+> Note: replace these working notes with formal API documentation once Windows/macOS analyzer endpoints are defined.