Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.

docs/modules/cli/architecture.md

@@ -145,14 +145,14 @@ Both subcommands honour offline-first expectations (no network access) and norma
 
 ### 3.3 Multi‑audience & scopes
 
-* CLI requests **audiences** as needed per verb:
-
-  * `scanner` for scan/export/report/diff
-  * `signer` (indirect; usually backend calls Signer)
-  * `attestor` for verify
-  * `concelier`/`excititor` for admin verbs
-
-CLI rejects verbs if required scopes are missing.
+* CLI requests **audiences** as needed per verb:
+
+  * `scanner` for scan/export/report/diff
+  * `signer` (indirect; usually backend calls Signer)
+  * `attestor` for verify (requires `attestor.verify` scope; read-only verbs fall back to `attestor.read`)
+  * `concelier`/`excititor` for admin verbs
+
+CLI rejects verbs if required scopes are missing.
 
 ---