feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.

docs/modules/policy/README.md

@@ -1,31 +1,33 @@
-# StellaOps Policy Engine
-
-Policy Engine compiles and evaluates Stella DSL policies deterministically, producing explainable findings with full provenance.
-
-## Responsibilities
-- Compile `stella-dsl@1` packs into executable graphs.
-- Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
-- Expose simulation and diff APIs for UI/CLI workflows.
-- Emit change-stream driven events for Notify/Scheduler integrations.
-
-## Key components
-- `StellaOps.Policy.Engine` service host.
-- Shared libraries under `StellaOps.Policy.*` for evaluation, storage, DSL tooling.
-
-## Integrations & dependencies
-- MongoDB findings collections, RustFS explain bundles.
-- Scheduler for incremental re-evaluation triggers.
-- CLI/UI for policy authoring and runs.
-
-## Operational notes
-- DSL grammar and lifecycle docs in ../../policy/.
-- Observability guidance in ../../observability/policy.md.
-- Governance and scope mapping in ../../security/policy-governance.md.
-
-## Backlog references
-- DOCS-POLICY-20-001 … DOCS-POLICY-20-012 (completed baseline).
-- DOCS-POLICY-23-007 (upcoming command updates).
-
-## Epic alignment
-- **Epic 2 – Policy Engine & Editor:** deliver deterministic evaluation, DSL infrastructure, explain traces, and incremental runs.
-- **Epic 4 – Policy Studio:** integrate registry workflows, simulation at scale, approvals, and promotion semantics.
+# StellaOps Policy Engine
+
+Policy Engine compiles and evaluates Stella DSL policies deterministically, producing explainable findings with full provenance.
+
+## Responsibilities
+- Compile `stella-dsl@1` packs into executable graphs.
+- Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
+- Expose simulation and diff APIs for UI/CLI workflows.
+- Emit change-stream driven events for Notify/Scheduler integrations.
+
+## Key components
+- `StellaOps.Policy.Engine` service host.
+- Shared libraries under `StellaOps.Policy.*` for evaluation, storage, DSL tooling.
+
+## Integrations & dependencies
+- MongoDB findings collections, RustFS explain bundles.
+- Scheduler for incremental re-evaluation triggers.
+- CLI/UI for policy authoring and runs.
+
+## Operational notes
+- DSL grammar and lifecycle docs in ../../policy/.
+- Observability guidance in ../../observability/policy.md.
+- Governance and scope mapping in ../../security/policy-governance.md.
+- Readiness briefs: ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
+- Readiness briefs: ../scanner/design/macos-analyzer.md, ../scanner/design/windows-analyzer.md, ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
+
+## Backlog references
+- DOCS-POLICY-20-001 … DOCS-POLICY-20-012 (completed baseline).
+- DOCS-POLICY-23-007 (upcoming command updates).
+
+## Epic alignment
+- **Epic 2 – Policy Engine & Editor:** deliver deterministic evaluation, DSL infrastructure, explain traces, and incremental runs.
+- **Epic 4 – Policy Studio:** integrate registry workflows, simulation at scale, approvals, and promotion semantics.