feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.

samples/api/scheduler/run-summary.json

@@ -1,101 +1,101 @@
-{
-  "tenantId": "tenant-alpha",
-  "scheduleId": "sch_20251018a",
-  "updatedAt": "2025-10-18T22:10:10Z",
-  "lastRun": {
-    "runId": "run_20251018_0001",
-    "trigger": "feedser",
-    "state": "completed",
-    "createdAt": "2025-10-18T22:03:14Z",
-    "startedAt": "2025-10-18T22:03:20Z",
-    "finishedAt": "2025-10-18T22:08:45Z",
-    "stats": {
-      "candidates": 1280,
-      "deduped": 910,
-      "queued": 0,
-      "completed": 910,
-      "deltas": 42,
-      "newCriticals": 7,
-      "newHigh": 11,
-      "newMedium": 18,
-      "newLow": 6
-    },
-    "error": null
-  },
-  "recent": [
-    {
-      "runId": "run_20251018_0001",
-      "trigger": "feedser",
-      "state": "completed",
-      "createdAt": "2025-10-18T22:03:14Z",
-      "startedAt": "2025-10-18T22:03:20Z",
-      "finishedAt": "2025-10-18T22:08:45Z",
-      "stats": {
-        "candidates": 1280,
-        "deduped": 910,
-        "queued": 0,
-        "completed": 910,
-        "deltas": 42,
-        "newCriticals": 7,
-        "newHigh": 11,
-        "newMedium": 18,
-        "newLow": 6
-      },
-      "error": null
-    },
-    {
-      "runId": "run_20251017_0003",
-      "trigger": "cron",
-      "state": "error",
-      "createdAt": "2025-10-17T22:01:02Z",
-      "startedAt": "2025-10-17T22:01:08Z",
-      "finishedAt": "2025-10-17T22:04:11Z",
-      "stats": {
-        "candidates": 1040,
-        "deduped": 812,
-        "queued": 0,
-        "completed": 640,
-        "deltas": 18,
-        "newCriticals": 2,
-        "newHigh": 4,
-        "newMedium": 7,
-        "newLow": 3
-      },
-      "error": "scanner timeout"
-    },
-    {
-      "runId": "run_20251016_0007",
-      "trigger": "manual",
-      "state": "cancelled",
-      "createdAt": "2025-10-16T20:00:00Z",
-      "startedAt": "2025-10-16T20:00:04Z",
-      "finishedAt": null,
-      "stats": {
-        "candidates": 820,
-        "deduped": 640,
-        "queued": 0,
-        "completed": 0,
-        "deltas": 0,
-        "newCriticals": 0,
-        "newHigh": 0,
-        "newMedium": 0,
-        "newLow": 0
-      },
-      "error": null
-    }
-  ],
-  "counters": {
-    "total": 3,
-    "planning": 0,
-    "queued": 0,
-    "running": 0,
-    "completed": 1,
-    "error": 1,
-    "cancelled": 1,
-    "totalDeltas": 60,
-    "totalNewCriticals": 9,
-    "totalNewHigh": 15,
-    "totalNewMedium": 25,
-    "totalNewLow": 9
-  }
-}
+{
+  "tenantId": "tenant-alpha",
+  "scheduleId": "sch_20251018a",
+  "updatedAt": "2025-10-18T22:10:10Z",
+  "lastRun": {
+    "runId": "run_20251018_0001",
+    "trigger": "conselier",
+    "state": "completed",
+    "createdAt": "2025-10-18T22:03:14Z",
+    "startedAt": "2025-10-18T22:03:20Z",
+    "finishedAt": "2025-10-18T22:08:45Z",
+    "stats": {
+      "candidates": 1280,
+      "deduped": 910,
+      "queued": 0,
+      "completed": 910,
+      "deltas": 42,
+      "newCriticals": 7,
+      "newHigh": 11,
+      "newMedium": 18,
+      "newLow": 6
+    },
+    "error": null
+  },
+  "recent": [
+    {
+      "runId": "run_20251018_0001",
+      "trigger": "conselier",
+      "state": "completed",
+      "createdAt": "2025-10-18T22:03:14Z",
+      "startedAt": "2025-10-18T22:03:20Z",
+      "finishedAt": "2025-10-18T22:08:45Z",
+      "stats": {
+        "candidates": 1280,
+        "deduped": 910,
+        "queued": 0,
+        "completed": 910,
+        "deltas": 42,
+        "newCriticals": 7,
+        "newHigh": 11,
+        "newMedium": 18,
+        "newLow": 6
+      },
+      "error": null
+    },
+    {
+      "runId": "run_20251017_0003",
+      "trigger": "cron",
+      "state": "error",
+      "createdAt": "2025-10-17T22:01:02Z",
+      "startedAt": "2025-10-17T22:01:08Z",
+      "finishedAt": "2025-10-17T22:04:11Z",
+      "stats": {
+        "candidates": 1040,
+        "deduped": 812,
+        "queued": 0,
+        "completed": 640,
+        "deltas": 18,
+        "newCriticals": 2,
+        "newHigh": 4,
+        "newMedium": 7,
+        "newLow": 3
+      },
+      "error": "scanner timeout"
+    },
+    {
+      "runId": "run_20251016_0007",
+      "trigger": "manual",
+      "state": "cancelled",
+      "createdAt": "2025-10-16T20:00:00Z",
+      "startedAt": "2025-10-16T20:00:04Z",
+      "finishedAt": null,
+      "stats": {
+        "candidates": 820,
+        "deduped": 640,
+        "queued": 0,
+        "completed": 0,
+        "deltas": 0,
+        "newCriticals": 0,
+        "newHigh": 0,
+        "newMedium": 0,
+        "newLow": 0
+      },
+      "error": null
+    }
+  ],
+  "counters": {
+    "total": 3,
+    "planning": 0,
+    "queued": 0,
+    "running": 0,
+    "completed": 1,
+    "error": 1,
+    "cancelled": 1,
+    "totalDeltas": 60,
+    "totalNewCriticals": 9,
+    "totalNewHigh": 15,
+    "totalNewMedium": 25,
+    "totalNewLow": 9
+  }
+}

samples/api/scheduler/run.json

@@ -1,50 +1,50 @@
-{
-  "schemaVersion": "scheduler.run@1",
-  "id": "run_20251018_0001",
-  "tenantId": "tenant-alpha",
-  "scheduleId": "sch_20251018a",
-  "trigger": "feedser",
-  "state": "running",
-  "stats": {
-    "candidates": 1280,
-    "deduped": 910,
-    "queued": 624,
-    "completed": 310,
-    "deltas": 42,
-    "newCriticals": 7,
-    "newHigh": 11,
-    "newMedium": 18,
-    "newLow": 6
-  },
-  "reason": {
-    "feedserExportId": "exp-20251018-03"
-  },
-  "createdAt": "2025-10-18T22:03:14+00:00",
-  "startedAt": "2025-10-18T22:03:20+00:00",
-  "deltas": [
-    {
-      "imageDigest": "sha256:a1b2c3",
-      "newFindings": 3,
-      "newCriticals": 1,
-      "newHigh": 1,
-      "newMedium": 1,
-      "newLow": 0,
-      "kevHits": [
-        "CVE-2025-0002"
-      ],
-      "topFindings": [
-        {
-          "purl": "pkg:rpm/openssl@3.0.12-5.el9",
-          "vulnerabilityId": "CVE-2025-0002",
-          "severity": "critical",
-          "link": "https://ui.internal/scans/sha256:a1b2c3"
-        }
-      ],
-      "attestation": {
-        "uuid": "rekor-314",
-        "verified": true
-      },
-      "detectedAt": "2025-10-18T22:03:21+00:00"
-    }
-  ]
-}
+{
+  "schemaVersion": "scheduler.run@1",
+  "id": "run_20251018_0001",
+  "tenantId": "tenant-alpha",
+  "scheduleId": "sch_20251018a",
+  "trigger": "conselier",
+  "state": "running",
+  "stats": {
+    "candidates": 1280,
+    "deduped": 910,
+    "queued": 624,
+    "completed": 310,
+    "deltas": 42,
+    "newCriticals": 7,
+    "newHigh": 11,
+    "newMedium": 18,
+    "newLow": 6
+  },
+  "reason": {
+    "conselierExportId": "exp-20251018-03"
+  },
+  "createdAt": "2025-10-18T22:03:14+00:00",
+  "startedAt": "2025-10-18T22:03:20+00:00",
+  "deltas": [
+    {
+      "imageDigest": "sha256:a1b2c3",
+      "newFindings": 3,
+      "newCriticals": 1,
+      "newHigh": 1,
+      "newMedium": 1,
+      "newLow": 0,
+      "kevHits": [
+        "CVE-2025-0002"
+      ],
+      "topFindings": [
+        {
+          "purl": "pkg:rpm/openssl@3.0.12-5.el9",
+          "vulnerabilityId": "CVE-2025-0002",
+          "severity": "critical",
+          "link": "https://ui.internal/scans/sha256:a1b2c3"
+        }
+      ],
+      "attestation": {
+        "uuid": "rekor-314",
+        "verified": true
+      },
+      "detectedAt": "2025-10-18T22:03:21+00:00"
+    }
+  ]
+}