Add typed DetectionMeta extension to MemoryNote.Metadata

[rolandpg]

Spun out from PR #70 (Phase 3: detection rules first-class), Phase 4 review item CR-W6.

Context

YARA and Sigma ingest build up rich per-rule metadata that currently only
survives in the note body (and on the transient entity/relations objects
returned by rule_to_entities):

• YARA: CCCS tier, source_path, mitre_att summary, category, technique,
  author, fingerprint, hash_of_sample
• Sigma: logsource facets, rule_level, rule_status, references,
  falsepositives, fields

Downstream consumers that want keyed access (e.g. a SOC dashboard filtering
notes by cccs_compliant == "strict") have to re-parse the note body
every time.

Ask

Add a typed extension slot — e.g. MemoryNote.Metadata.detection —
with a DetectionMeta dataclass carrying the fields we already know
we need. Let Sigma and YARA ingest populate it at write time.

Scope

• New DetectionMeta dataclass (shared between Sigma and YARA).
• Plumb through MemoryManager.remember / the note schema.
• Migrate Sigma + YARA ingest to write it.
• Backfill query helpers (optional — get_notes_by_detection_tier etc.).

Deliberately NOT in PR #70

Landing this on the Phase 3 branch would have expanded scope significantly
and required a storage-schema migration. Treating as a v1.1 follow-up.