wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEvidenceEndpoints.cs

@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Routing;
 using StellaOps.Scanner.Reachability.Jobs;
 using StellaOps.Scanner.Reachability.Services;
 using StellaOps.Scanner.Reachability.Vex;
+using StellaOps.Scanner.WebService.Security;
 
 namespace StellaOps.Scanner.WebService.Endpoints;
 
@@ -24,7 +25,8 @@ public static class ReachabilityEvidenceEndpoints
         this IEndpointRouteBuilder routes)
     {
         var group = routes.MapGroup("/api/reachability")
-            .WithTags("Reachability Evidence");
+            .WithTags("Reachability Evidence")
+            .RequireAuthorization(ScannerPolicies.ScansRead);
 
         // Analyze reachability for a CVE
         group.MapPost("/analyze", AnalyzeAsync)
@@ -32,7 +34,8 @@ public static class ReachabilityEvidenceEndpoints
             .WithSummary("Analyze reachability of a CVE in an image")
             .Produces<ReachabilityAnalyzeResponse>(StatusCodes.Status200OK)
             .Produces<ProblemDetails>(StatusCodes.Status400BadRequest)
-            .Produces<ProblemDetails>(StatusCodes.Status404NotFound);
+            .Produces<ProblemDetails>(StatusCodes.Status404NotFound)
+            .RequireAuthorization(ScannerPolicies.ScansWrite);
 
         // Get job result
         group.MapGet("/result/{jobId}", GetResultAsync)
@@ -53,7 +56,8 @@ public static class ReachabilityEvidenceEndpoints
             .WithName("GenerateVexFromReachability")
             .WithSummary("Generate VEX statement from reachability analysis")
             .Produces<VexStatementResponse>(StatusCodes.Status200OK)
-            .Produces<ProblemDetails>(StatusCodes.Status400BadRequest);
+            .Produces<ProblemDetails>(StatusCodes.Status400BadRequest)
+            .RequireAuthorization(ScannerPolicies.ScansWrite);
 
         return routes;
     }