Implement CG-012 static report synthesis in @clawguard/reports

[ysqander]

Motivation

• Complete ticket CG-012 to produce a deterministic static report synthesis that combines local static scanner output with ClawHub and VirusTotal enrichment and makes a persisted, human-readable record for CLI/notifications.

Description

• Add a new synthesis API in @clawguard/reports: synthesizeStaticReport, persistSynthesizedStaticReport, renderStaticSummary, and renderStaticReport, which validate scan/report consistency, merge threat-intel verdicts, derive ReportSummary, and produce plain-language rationale and markdown output.
• Wire persistence to the storage layer using storage.persistStaticReport, storage.writeJsonArtifact, and storage.writeArtifact, and emit report-json and report-markdown artifacts for navigable evidence.
• Add unit tests in packages/reports/src/index.test.ts that cover merging enrichment, enrichment caveats in rendered output, and persistence call sequencing.
• Update packages/reports/package.json and tsconfig.json to depend on @clawguard/storage, add a test script, add tsx as a dev dependency, and update docs (docs/clawguard-ticket-breakdown.md and docs/clawguard-development-plan.md) to mark CG-012 complete and refresh the milestone snapshot.

Testing

• Ran pnpm install successfully and then pnpm build, with an initial type mismatch fixed and a successful full workspace build after adjustments.
• Ran pnpm typecheck successfully across the workspace with no new type errors reported.
• Ran pnpm --filter @clawguard/reports test and all @clawguard/reports tests passed; the new tests exercise synthesis, rendering, and persistence wiring.
• Ran the full pnpm test; the workspace test run shows the new reports tests passing but an existing, unrelated discovery test failed (buildSkillSnapshot returns read-failed when a file cannot be read), so the overall suite did not fully pass.

---

Codex Task