Implement CG-011: VirusTotal HTTP client with caching, quota control, and tests

[ysqander]

Motivation

• Implement the CG-011 ticket to provide VirusTotal enrichment for static scans, with caching and quota controls so hash lookups can be used inline without risking rate-limit or latency failures.
• Export the client from the integrations package and update the ticket tracking to mark CG-011 complete and advance the next work items.

Description

• Add VirusTotalHttpClient in packages/integrations/src/virustotal-client.ts implementing file-hash lookups (GET /files/{hash}), async file submission (POST /files + GET /analyses/{id}), URL/domain verdicts, and the search endpoint, normalizing responses to ThreatIntelVerdict.
• Implement in-memory TTL caching, in-flight request deduplication, local quota/window enforcement, and remote 429 handling with structured VirusTotalQuotaEvent emission.
• Export the client and related types from packages/integrations/src/index.ts and add a package-level test runner by updating packages/integrations/package.json with a test script.
• Add unit tests in packages/integrations/src/virustotal-client.test.ts covering caching, in-flight deduplication, quota exhaustion degradation, and async upload/polling flows, and make small type-safety adjustments to satisfy strict TypeScript settings.

Testing

• Ran pnpm build and the workspace build completed successfully.
• Ran pnpm typecheck and the workspace typecheck completed successfully under strict settings.
• Ran pnpm --filter @clawguard/integrations test and all integration tests in packages/integrations passed (4 tests).
• Ran full pnpm test which ran package tests but failed due to an unrelated existing @clawguard/discovery test failure: buildSkillSnapshot returns read-failed when a file cannot be read, which is outside the scope of these changes.

---

Codex Task