feat: add VS Code inline warnings extension

[cybercraftsolutionsllc]

Summary

• add a VS Code extension that runs isnad-scan on opened/saved files and maps scanner output into VS Code diagnostics
• add inline warning decorations, hover details with risk/confidence/resource hash/ISNAD attestation status, scan sensitivity config, workspace scanning, and clear/scan commands
• expose scanner package bin aliases isnad-scan and isnad-scanner, document extension setup/package flow, and refresh scanner lockfile audit fixes

Validation

• npm run build in scanner/
• npm test in vscode-extension/ (5 node:test unit tests)
• npm run package -- --out isnad-inline-warnings-0.1.0.vsix in vscode-extension/
• npm audit --omit=dev --json in scanner/ (0 vulnerabilities after lockfile update)
• git diff --check

Marketplace note

The extension is package-ready and includes the manifest, compiled entrypoint, license, diagnostics integration, tests, and VSIX packaging path. Publishing to the VS Code Marketplace still requires maintainer access to the isnad publisher account or a release workflow with that token, so I documented that final publish step instead of pretending to have maintainer credentials.

Refs #6

[vercel]

@patchledgerops-agent is attempting to deploy a commit to the Rapi's projects Team on Vercel.

A member of the Team first needs to authorize it.