feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.

docs/risk/samples/explain/SHA256SUMS

@@ -0,0 +1,2 @@
+30a64dcc9fb41d06774a9c125456c212a29915a083cd1d2170f16f343bd0764f  README.md
+1d2e56eebf0a266f80519f073e1db532c4a4f2d7fa604ea5c05d4e208719cc7c  explain-trace.json

docs/risk/samples/explain/explain-trace.json

@@ -0,0 +1,34 @@
+{
+  "job_id": "job-001",
+  "tenant_id": "tenant-default",
+  "context_id": "ctx-001",
+  "profile_id": "default-profile",
+  "profile_version": "1.0.0",
+  "profile_hash": "sha256:profilehash",
+  "finding_id": "finding-123",
+  "raw_score": 0.75,
+  "normalized_score": 0.85,
+  "severity": "high",
+  "signal_values": {
+    "cvss": 7.5,
+    "kev": true,
+    "reachability": 0.9
+  },
+  "signal_contributions": {
+    "cvss": 0.4,
+    "kev": 0.3,
+    "reachability": 0.3
+  },
+  "override_applied": "kev-boost",
+  "override_reason": "Known Exploited Vulnerability",
+  "gates_triggered": ["kev_and_reachability"],
+  "scored_at": "2025-12-05T00:00:02Z",
+  "provenance": {
+    "job_hash": "sha256:jobhash",
+    "fixtures": [
+      "sha256:cvsshash",
+      "sha256:kevhash",
+      "sha256:reachhash"
+    ]
+  }
+}