feat: security advisory aggregator, manifest API rewrite, namespace rename (#150, #283)

- Add `security:advisories` command — cross-repo CVE scanner via composer audit
  with checkpoint resumability, severity filtering, and auto-issue creation
- Rewrite `manifest:read` to use Gitea manifest API as primary source with
  auto-detection fallback from source tree (no more manifest.xml dependency)
- Rename MokoStandards namespace → MokoCli across all files
- Rename MokoEnterprise namespace → MokoCli across all files
- Rename MokoStandardsParser class → ManifestParser
- Fix composer.json autoload paths: src/ → source/

cli/version_set_platform.php

@@ -17,7 +17,7 @@ declare(strict_types=1);
 
 require_once __DIR__ . '/../lib/Enterprise/CliFramework.php';
 
-use MokoEnterprise\{CliFramework, SourceResolver};
+use MokoCli\{CliFramework, SourceResolver};
 
 class VersionSetPlatformCli extends CliFramework
 {