feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI

Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/llm-security-copilot/skills/supply-check/SKILL.md

@@ -0,0 +1,34 @@
+---
+name: security-supply-check
+description: Re-audit installed dependencies — check lockfiles against blocklists, OSV.dev CVEs, and typosquat detection
+---
+
+# Supply Chain Check
+
+Re-audit installed dependencies from lockfiles.
+
+## Step 1: Run Scanner
+
+```bash
+node <plugin-root>/scanners/supply-chain-recheck-cli.mjs $ARGUMENTS
+```
+
+Target = `$ARGUMENTS` or current working directory. Checks: package-lock.json, yarn.lock, requirements.txt, Pipfile.lock against blocklists, OSV.dev batch API, and Levenshtein typosquat detection.
+
+## Step 2: Format Results
+
+Parse JSON output. Show:
+
+```
+# Supply Chain Check: [STATUS]
+
+Findings: XC XH XM XL | Lockfiles: N scanned
+
+[If osv_offline: "OSV.dev unreachable — blocklist and typosquat checks ran, CVE checks skipped"]
+
+## Findings
+
+[Table: severity, package, ecosystem, type (blocklist/CVE/typosquat), description]
+```
+
+If zero findings: "All dependencies pass supply chain checks."