feat: security advisory aggregator, manifest API rewrite, namespace rename (#150, #283)

- Add `security:advisories` command — cross-repo CVE scanner via composer audit
  with checkpoint resumability, severity filtering, and auto-issue creation
- Rewrite `manifest:read` to use Gitea manifest API as primary source with
  auto-detection fallback from source tree (no more manifest.xml dependency)
- Rename MokoStandards namespace → MokoCli across all files
- Rename MokoEnterprise namespace → MokoCli across all files
- Rename MokoStandardsParser class → ManifestParser
- Fix composer.json autoload paths: src/ → source/

lib/Enterprise/RepositorySynchronizer.php

@@ -17,7 +17,7 @@
 
 declare(strict_types=1);
 
-namespace MokoEnterprise;
+namespace MokoCli;
 
 use Exception;
 use RuntimeException;
@@ -44,7 +44,7 @@ class RepositorySynchronizer
     private AuditLogger $logger;
     private MetricsCollector $metrics;
     private CheckpointManager $checkpoints;
-    private MokoStandardsParser $manifestParser;
+    private ManifestParser $manifestParser;
 
     /**
      * Constructor
@@ -66,7 +66,7 @@ class RepositorySynchronizer
         $this->logger           = $logger;
         $this->metrics          = $metrics;
         $this->checkpoints      = $checkpoints      ?? new CheckpointManager('.checkpoints');
-        $this->manifestParser   = new MokoStandardsParser();
+        $this->manifestParser   = new ManifestParser();
     }
 
     /**
@@ -287,7 +287,7 @@ class RepositorySynchronizer
                 $file = $this->adapter->getFileContents($org, $repo, $path);
                 $content = base64_decode($file['content'] ?? '');
                 $platform = $this->manifestParser->extractPlatform($content);
-                if ($platform !== null && in_array($platform, MokoStandardsParser::VALID_PLATFORMS, true)) {
+                if ($platform !== null && in_array($platform, ManifestParser::VALID_PLATFORMS, true)) {
                     return $platform;
                 }
             } catch (Exception $e) {
@@ -412,7 +412,7 @@ class RepositorySynchronizer
             $this->ensureComposerEnterprise($org, $repo, $defaultBranch, $summary);
 
             // Migrate legacy .mokostandards to XML manifest (default branch only)
-            $this->migrateMokoStandards($org, $repo, $defaultBranch, $platform, $repoInfo, $summary);
+            $this->migrateManifest($org, $repo, $defaultBranch, $platform, $repoInfo, $summary);
 
             if (count($summary['copied']) === 0) {
                 $this->logger->logWarning("No files were created/updated for {$repo}");
@@ -641,7 +641,7 @@ class RepositorySynchronizer
      *  2. Format migration: legacy "platform: xxx" → XML manifest
      *  3. Update existing XML: refresh <governance><last-synced> timestamp
      */
-    private function migrateMokoStandards(
+    private function migrateManifest(
         string $org,
         string $repo,
         string $branchName,
@@ -694,7 +694,7 @@ class RepositorySynchronizer
         }
 
         // ── Generate the new XML manifest ───────────────────────────
-        $xmlContent = $this->generateMokoStandardsXml(
+        $xmlContent = $this->generateManifestXml(
             $org,
             $repo,
             $platform,
@@ -766,7 +766,7 @@ class RepositorySynchronizer
      * @param string|null $existingContent Current .mokostandards content (XML or legacy)
      * @return string Well-formed XML content
      */
-    private function generateMokoStandardsXml(
+    private function generateManifestXml(
         string $org,
         string $repo,
         string $platform,
@@ -781,7 +781,7 @@ class RepositorySynchronizer
             'description'       => $repoInfo['description'] ?? '',
             'license'           => 'GPL-3.0-or-later',
             'topics'            => $repoInfo['topics'] ?? [],
-            'language'          => $repoInfo['language'] ?? MokoStandardsParser::platformLanguage($platform),
+            'language'          => $repoInfo['language'] ?? ManifestParser::platformLanguage($platform),
             'package_type'      => mokoplatformParser::platformPackageType($platform),
             'last_synced'       => date('c'),
         ];
@@ -831,7 +831,7 @@ class RepositorySynchronizer
         }
 
         $xpath = new \DOMXPath($dom);
-        $xpath->registerNamespace('m', MokoStandardsParser::NAMESPACE_URI);
+        $xpath->registerNamespace('m', ManifestParser::NAMESPACE_URI);
 
         // Update <platform>
         $nodes = $xpath->query('//m:governance/m:platform');
@@ -853,7 +853,7 @@ class RepositorySynchronizer
             $govNodes = $xpath->query('//m:governance');
             if ($govNodes->length > 0) {
                 $lastSyncedEl = $dom->createElementNS(
-                    MokoStandardsParser::NAMESPACE_URI,
+                    ManifestParser::NAMESPACE_URI,
                     'last-synced'
                 );
                 $lastSyncedEl->textContent = $lastSynced;