Add PHP Analyzer Plugin and Composer Lock Data Handling

- Implemented the PhpAnalyzerPlugin to analyze PHP projects.
- Created ComposerLockData class to represent data from composer.lock files.
- Developed ComposerLockReader to load and parse composer.lock files asynchronously.
- Introduced ComposerPackage class to encapsulate package details.
- Added PhpPackage class to represent PHP packages with metadata and evidence.
- Implemented PhpPackageCollector to gather packages from ComposerLockData.
- Created PhpLanguageAnalyzer to perform analysis and emit results.
- Added capability signals for known PHP frameworks and CMS.
- Developed unit tests for the PHP language analyzer and its components.
- Included sample composer.lock and expected output for testing.
- Updated project files for the new PHP analyzer library and tests.

src/Findings/StellaOps.Findings.Ledger/Domain/LedgerChainIdGenerator.cs

@@ -7,10 +7,15 @@ public static class LedgerChainIdGenerator
 {
     public static Guid FromTenantPolicy(string tenantId, string policyVersion)
     {
-        ArgumentException.ThrowIfNullOrWhiteSpace(tenantId);
-        ArgumentException.ThrowIfNullOrWhiteSpace(policyVersion);
+        return FromTenantSubject(tenantId, policyVersion);
+    }
 
-        var normalized = $"{tenantId.Trim()}::{policyVersion.Trim()}";
+    public static Guid FromTenantSubject(string tenantId, string subject)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(tenantId);
+        ArgumentException.ThrowIfNullOrWhiteSpace(subject);
+
+        var normalized = $"{tenantId.Trim()}::{subject.Trim()}";
         var bytes = Encoding.UTF8.GetBytes(normalized);
         Span<byte> guidBytes = stackalloc byte[16];
         var hash = SHA256.HashData(bytes);

src/Findings/StellaOps.Findings.Ledger/Domain/LedgerEventConstants.cs

@@ -14,8 +14,24 @@ public static class LedgerEventConstants
     public const string EventFindingRemediationPlanAdded = "finding.remediation_plan_added";
     public const string EventFindingAttachmentAdded = "finding.attachment_added";
     public const string EventFindingClosed = "finding.closed";
+    public const string EventAirgapBundleImported = "airgap.bundle_imported";
+    public const string EventOrchestratorExportRecorded = "orchestrator.export_recorded";
 
     public static readonly ImmutableHashSet<string> SupportedEventTypes = ImmutableHashSet.Create(StringComparer.Ordinal,
+        EventFindingCreated,
+        EventFindingStatusChanged,
+        EventFindingSeverityChanged,
+        EventFindingTagUpdated,
+        EventFindingCommentAdded,
+        EventFindingAssignmentChanged,
+        EventFindingAcceptedRisk,
+        EventFindingRemediationPlanAdded,
+        EventFindingAttachmentAdded,
+        EventFindingClosed,
+        EventAirgapBundleImported,
+        EventOrchestratorExportRecorded);
+
+    public static readonly ImmutableHashSet<string> FindingEventTypes = ImmutableHashSet.Create(StringComparer.Ordinal,
         EventFindingCreated,
         EventFindingStatusChanged,
         EventFindingSeverityChanged,
@@ -33,4 +49,6 @@ public static class LedgerEventConstants
         "integration");
 
     public const string EmptyHash = "0000000000000000000000000000000000000000000000000000000000000000";
+
+    public static bool IsFindingEvent(string eventType) => FindingEventTypes.Contains(eventType);
 }

src/Findings/StellaOps.Findings.Ledger/Domain/ProjectionModels.cs

@@ -8,6 +8,11 @@ public sealed record FindingProjection(
     string PolicyVersion,
     string Status,
     decimal? Severity,
+    decimal? RiskScore,
+    string? RiskSeverity,
+    string? RiskProfileVersion,
+    Guid? RiskExplanationId,
+    long? RiskEventSequence,
     JsonObject Labels,
     Guid CurrentEventId,
     string? ExplainRef,