Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.

docs/quickstart.md

@@ -65,7 +65,10 @@ docker compose --env-file .env -f docker-compose.stella-ops.yml up -d
 ## 4. Run your first scan (1 min)
 
 ```bash
-stella auth login --device-code
+stella auth login \
+  --device-code \
+  --audiences scanner,attestor \
+  --scopes attestor.verify,attestor.read
 stella scan image \
   --image registry.stella-ops.org/demo/juice-shop:latest \
   --sbom-type cyclonedx-json
@@ -75,6 +78,8 @@ stella scan image \
 - CLI exits non-zero if lattice policy blocks the image; use `stella policy explain --last` for context.
 - Headers `X-Stella-Quota-Remaining` and the UI banner keep quota usage transparent.
 
+> Need to inspect attestations only? Swap `attestor.verify` for `attestor.read`. Submission endpoints still need `attestor.write`.
+
 ## 5. Verify & explore (1 min)
 
 - Check the Console (`https://localhost:8443`) to view findings, VEX evidence, and deterministic replay manifests.