feat: add MCP server for exposing compliance data to LLMs (#5)

New `compliance-mcp` crate providing a Model Context Protocol server
with 7 tools: list/get/summarize findings, list SBOM packages, SBOM
vulnerability report, list DAST findings, and DAST scan summary.
Supports stdio (local dev) and Streamable HTTP (deployment via MCP_PORT).
Includes Dockerfile, CI clippy check, and Coolify deploy job.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #5

docs/guide/configuration.md

@@ -97,6 +97,17 @@ NVD_API_KEY=your-nvd-api-key
 
 Get a free key at [https://nvd.nist.gov/developers/request-an-api-key](https://nvd.nist.gov/developers/request-an-api-key).
 
+## MCP Server
+
+The MCP server exposes compliance data to external LLMs via the Model Context Protocol. See [MCP Server](/features/mcp-server) for full details.
+
+```bash
+# Set MCP_PORT to enable HTTP transport (omit for stdio mode)
+MCP_PORT=8090
+```
+
+The MCP server shares the `MONGODB_URI` and `MONGODB_DATABASE` variables with the rest of the platform.
+
 ## Clone Path
 
 Where the agent stores cloned repository files:
@@ -139,3 +150,4 @@ GIT_CLONE_BASE_PATH=/tmp/compliance-scanner/repos
 | `APP_URL` | No | — | Application root URL |
 | `OTEL_EXPORTER_OTLP_ENDPOINT` | No | — | OTLP collector endpoint |
 | `OTEL_SERVICE_NAME` | No | — | OpenTelemetry service name |
+| `MCP_PORT` | No | — | MCP HTTP transport port (omit for stdio) |