Build category in tool list is a dumping ground #44

@andrew

Description

The README's "What it detects" section lists 150+ tools under Build including Rails, React, requests, Jackson, Handlebars, bcrypt, Multer. Every framework and every detection-only library def lands there because `category = "build"` was used as the catch-all when no better category existed.

The taxonomy tags carry the real classification (`role:framework`, `role:library`, `function:http-client`, etc.), but `brief list tools` and `brief .` group by category, so the output is misleading.

Options:

  • Add a `library` category for detection-only defs and update `report.CategoryLabels` / `report.CategoryOrder`. This is the smallest change — the ~70 new lib defs from #28 (Add 66 detection-only tool defs for security-relevant libraries) would move out of Build.
  • Use taxonomy role as the grouping key instead of category. Bigger change but more accurate.
  • Leave category alone and add a separate `brief list tools --by-taxonomy` view. Doesn't fix the README but gives a better query path.

The first option is probably the right balance: add the category, retag the lib defs, regenerate the README section.
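To make the mis-grouping concrete, here is an added sketch (not the project's code) of the second option: group by the `role:` taxonomy tag and fall back to category only for defs that carry no role tag. The `ToolDef` shape, the `Group` function and the sample defs are assumptions for illustration.

```go
package main

import "strings"

// ToolDef is an assumed shape for a tool def, not the project's own type:
// a category (what `brief list tools` groups by today) plus taxonomy tags
// such as "role:framework" that carry the real classification.
type ToolDef struct {
	Name     string
	Category string
	Tags     []string
}

// RoleOf returns the value of a def's "role:" tag, or "" if it has none.
func RoleOf(d ToolDef) string {
	for _, t := range d.Tags {
		if strings.HasPrefix(t, "role:") {
			return strings.TrimPrefix(t, "role:")
		}
	}
	return ""
}

// Group buckets def names by category (today's behaviour) or, when byRole
// is set, by taxonomy role, falling back to category for defs without a
// role tag so a genuine build tool is not lost from the listing.
func Group(defs []ToolDef, byRole bool) map[string][]string {
	out := map[string][]string{}
	for _, d := range defs {
		k := d.Category
		if r := RoleOf(d); byRole && r != "" {
			k = r
		}
		out[k] = append(out[k], d.Name)
	}
	return out
}

// Sample is constructed from names in the issue; "make" is a made-up
// genuine build tool with no role tag, to show the fallback.
var Sample = []ToolDef{
	{"Rails", "build", []string{"role:framework"}},
	{"requests", "build", []string{"role:library", "function:http-client"}},
	{"bcrypt", "build", []string{"role:library"}},
	{"make", "build", nil},
}
```

With `byRole` false all four names land under `build`; with it true, Rails goes to `framework`, requests and bcrypt to `library`, and only `make` stays under `build`.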
