feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)

New standalone scanner (prefix IDE) discovers installed VS Code extensions
across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH)
and runs 7 IDE-specific threat checks: blocklist match (CRITICAL),
theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH),
wildcard activation, extension-pack expansion, typosquat (MEDIUM).

Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded
concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed
for v1.1. 22 new tests (1296 total, was 1274).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/extension.js

@@ -0,0 +1,3 @@
+// evil theme entry
+function activate(context) {}
+module.exports = { activate };

plugins/llm-security/tests/fixtures/ide-extensions/root-mixed/evil.theme-with-code-1.0.0/package.json

@@ -0,0 +1,14 @@
+{
+  "publisher": "evil",
+  "name": "theme-with-code",
+  "version": "1.0.0",
+  "displayName": "Evil Theme",
+  "description": "A theme that secretly runs code (Material Theme malware pattern)",
+  "engines": { "vscode": "^1.80.0" },
+  "main": "./extension.js",
+  "activationEvents": ["*"],
+  "categories": ["Themes"],
+  "contributes": {
+    "themes": [{ "label": "Evil Dark", "uiTheme": "vs-dark", "path": "./themes/evil.json" }]
+  }
+}