feat: Implement approvals workflow and notifications integration

- Added approvals orchestration with persistence and workflow scaffolding.
- Integrated notifications insights and staged resume hooks.
- Introduced approval coordinator and policy notification bridge with unit tests.
- Added approval decision API with resume requeue and persisted plan snapshots.
- Documented the Excitor consensus API beta and provided JSON sample payload.
- Created analyzers to flag usage of deprecated merge service APIs.
- Implemented logging for artifact uploads and approval decision service.
- Added tests for PackRunApprovalDecisionService and related components.

docs/modules/vuln-explorer/README.md

@@ -1,11 +1,14 @@
 # StellaOps Vulnerability Explorer
 
-Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.
-
-## Responsibilities
-- Present policy-evaluated findings with advisory, VEX, SBOM, and runtime context.
-- Capture triage workflow in an immutable findings ledger with role-based access.
-- Provide pivots, exports, and reports for auditors and operations teams.
+Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.
+
+## Latest updates (2025-11-03)
+- Access controls refresh introduced attachment signing tokens and updated scope guidance (`docs/updates/2025-11-03-vuln-explorer-access-controls.md`). Ensure operator runbooks reference the new Authority scopes (`authority-scopes.md`) and security checklist before enabling attachment uploads.
+
+## Responsibilities
+- Present policy-evaluated findings with advisory, VEX, SBOM, and runtime context.
+- Capture triage workflow in an immutable findings ledger with role-based access.
+- Provide pivots, exports, and reports for auditors and operations teams.
 - Integrate explain traces, remediation notes, and offline bundles.
 
 ## Key components