feat: security advisory aggregator, manifest API rewrite, namespace rename (#150, #283)

- Add `security:advisories` command — cross-repo CVE scanner via composer audit
  with checkpoint resumability, severity filtering, and auto-issue creation
- Rewrite `manifest:read` to use Gitea manifest API as primary source with
  auto-detection fallback from source tree (no more manifest.xml dependency)
- Rename MokoStandards namespace → MokoCli across all files
- Rename MokoEnterprise namespace → MokoCli across all files
- Rename MokoStandardsParser class → ManifestParser
- Fix composer.json autoload paths: src/ → source/

lib/Enterprise/SourceResolver.php

@@ -16,13 +16,13 @@
 
 declare(strict_types=1);
 
-namespace MokoEnterprise;
+namespace MokoCli;
 
 /**
  * Source Directory Resolver
  *
  * Provides a single, consistent fallback chain for locating the root-level
- * source directory in any MokoStandards repository. The preferred directory
+ * source directory in any MokoCli repository. The preferred directory
  * is `source/`, with legacy `src/` and `htdocs/` as fallbacks.
  *
  * This class exists because Joomla extensions use `src/` for namespace
@@ -181,7 +181,7 @@ class SourceResolver
     public static function warnIfLegacy(string $root): void
     {
         if (self::isLegacy($root)) {
-            fwrite(STDERR, "⚠  WARNING: This repo uses src/ which is deprecated. Rename to source/ per MokoStandards.\n");
+            fwrite(STDERR, "⚠  WARNING: This repo uses src/ which is deprecated. Rename to source/ per MokoCli conventions.\n");
         }
     }
 }