fix(audit): align with Composer's AuditCommand pipeline

- Add mozart-core::advisory::{AuditFormat, AbandonedHandling, AuditConfig}
  mirroring Composer\Advisory\AuditConfig; reads audit.ignore,
  audit.ignore-severity, audit.ignore-abandoned, audit.abandoned,
  audit.block-insecure, audit.block-abandoned, audit.ignore-unreachable
  from composer.json config with full apply-scope support
- Add mozart-registry::advisory::Auditor mirroring Composer\Advisory\Auditor;
  process_advisories() filters by package name, advisory ID, CVE, source
  remote ID, and severity; filter_abandoned_packages() respects ignore-abandoned
- Add RepositorySet::get_matching_security_advisories() wrapping
  fetch_security_advisories with version-matching and unreachable-repo tracking
- JSON output now includes ignored-advisories and unreachable-repositories keys
- --abandoned falls back to audit.abandoned config (was hardcoded to "fail")
- --ignore-severity merges with audit.ignore-severity config
- --ignore-unreachable ORs with audit.ignore-unreachable config
- Move normalize_or_separator into repository/mod.rs alongside version matching

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

0 files changed, 0 insertions, 0 deletions