feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations

- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.

docs/risk/samples/profiles/SHA256SUMS

@@ -0,0 +1,2 @@
+e9d2913ad6fe38423ffeea7b5a33f6e15a59d93784200d0686a9b26a80dd3885  README.md
+c8242d4051232152d024dd37324b346dcf019a5e46b7b82fae8349ad802affab  default-profile.json

docs/risk/samples/profiles/default-profile.json

@@ -0,0 +1,18 @@
+{
+  "id": "default-profile",
+  "version": "1.0.0",
+  "description": "Default risk profile for vulnerability prioritization",
+  "extends": "base-profile",
+  "signals": [
+    { "name": "cvss", "source": "nvd", "type": "numeric", "path": "/cvss/base_score", "transform": "normalize_10", "unit": "score" },
+    { "name": "kev", "source": "cisa", "type": "boolean", "path": "/kev/in_catalog" },
+    { "name": "reachability", "source": "scanner", "type": "numeric", "path": "/reachability/score", "unit": "score" }
+  ],
+  "weights": { "cvss": 0.4, "kev": 0.3, "reachability": 0.3 },
+  "overrides": {
+    "severity": [ { "when": { "kev": true }, "set": "critical" } ],
+    "decisions": [ { "when": { "kev": true, "reachability": { "$gt": 0.8 } }, "action": "deny", "reason": "KEV with high reachability" } ]
+  },
+  "metadata": { "author": "docs-guild", "created_at": "2025-12-05T00:00:00Z" },
+  "provenance": { "hash": "sha256:placeholder", "signed": false }
+}