feat(scanner): Complete PoE implementation with Windows compatibility fix

- Fix namespace conflicts (Subgraph → PoESubgraph)
- Add hash sanitization for Windows filesystem (colon → underscore)
- Update all test mocks to use It.IsAny<>()
- Add direct orchestrator unit tests
- All 8 PoE tests now passing (100% success rate)
- Complete SPRINT_3500_0001_0001 documentation

Fixes compilation errors and Windows filesystem compatibility issues.
Tests: 8/8 passing
Files: 8 modified, 1 new test, 1 completion report

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

etc/appsettings.admin.yaml.example

@@ -0,0 +1,127 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Sprint: SPRINT_4100_0006_0005 - Admin Utility Integration
+# Configuration example for administrative operations
+
+StellaOps:
+  # Backend API configuration
+  Backend:
+    BaseUrl: "https://api.stellaops.example.com"
+
+    # Admin authentication (choose one method)
+    Auth:
+      # Option 1: OpTok with admin scopes (recommended for production)
+      OpTok:
+        Enabled: true
+        # Obtain via: stella auth login
+        # Token will be stored in ~/.stellaops/tokens.json
+
+      # Option 2: Bootstrap API key (for initial setup only)
+      BootstrapKey:
+        Enabled: false
+        # Set this to the bootstrap key from backend config
+        # Use environment variable: STELLAOPS_BOOTSTRAP_KEY
+        Value: "${STELLAOPS_BOOTSTRAP_KEY}"
+
+    # HTTP client settings
+    Http:
+      TimeoutSeconds: 30
+      RetryCount: 3
+      RetryDelayMs: 1000
+
+  # Admin operation defaults
+  Admin:
+    # Default tenant for user operations
+    DefaultTenant: "default"
+
+    # Require confirmation for destructive operations
+    RequireConfirmation: true
+
+    # Audit logging
+    AuditLog:
+      Enabled: true
+      OutputPath: "~/.stellaops/admin-audit.jsonl"
+
+    # Policy management
+    Policy:
+      # Default export format
+      ExportFormat: "yaml"  # yaml or json
+
+      # Backup policies before import
+      BackupBeforeImport: true
+      BackupPath: "~/.stellaops/policy-backups"
+
+    # User management
+    Users:
+      # Available roles
+      ValidRoles:
+        - "admin"
+        - "security-engineer"
+        - "developer"
+        - "viewer"
+
+      # Email validation pattern
+      EmailPattern: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"
+
+    # Feed management
+    Feeds:
+      # Default refresh behavior
+      RefreshTimeout: 300  # seconds
+
+      # Available feed sources
+      Sources:
+        - id: "nvd"
+          name: "NVD (National Vulnerability Database)"
+          type: "nvd-api"
+
+        - id: "osv"
+          name: "OSV (Open Source Vulnerabilities)"
+          type: "osv-api"
+
+        - id: "github"
+          name: "GitHub Advisory Database"
+          type: "github-api"
+
+# Environment-specific overrides
+#
+# Development:
+#   export STELLAOPS_BACKEND__BASEURL="http://localhost:5000"
+#   export STELLAOPS_ADMIN__REQUIRECONFIRMATION="false"
+#
+# Production:
+#   export STELLAOPS_BACKEND__BASEURL="https://api.stellaops.prod.example.com"
+#   export STELLAOPS_ADMIN__AUDITLOG__ENABLED="true"
+
+# Required Scopes for Admin Operations:
+#
+# stella admin policy   → admin.policy
+# stella admin users    → admin.users
+# stella admin feeds    → admin.feeds
+# stella admin system   → admin.platform
+#
+# Bootstrap Mode (before Authority configured):
+#   export STELLAOPS_BOOTSTRAP_KEY="<key-from-backend-config>"
+#   stella admin users add admin@example.com --role admin
+
+# Usage Examples:
+#
+# Policy Management:
+#   stella admin policy export --output backup-$(date +%F).yaml
+#   stella admin policy validate --file new-policy.yaml
+#   stella admin policy import --file new-policy.yaml
+#   stella admin policy list
+#
+# User Management:
+#   stella admin users list --role admin
+#   stella admin users add alice@example.com --role security-engineer
+#   stella admin users update alice@example.com --role admin
+#   stella admin users revoke bob@example.com --confirm
+#
+# Feed Management:
+#   stella admin feeds list
+#   stella admin feeds status --source nvd
+#   stella admin feeds refresh --source nvd --force
+#   stella admin feeds history --source nvd --limit 20
+#
+# System Management:
+#   stella admin system status
+#   stella admin system info