feat: enhance tracing with field attributes and warn logging across all handlers

Add repo_id, finding_id, and filter fields to tracing::instrument attributes
for better trace correlation in SigNoz. Replace all silently swallowed errors
(Err(_) => Vec::new()) with tracing::warn! logging across mod.rs, dast.rs,
graph.rs handlers. Add stage-level spans with .instrument() to pipeline
orchestrator for visibility into scan phases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-agent/src/pipeline/cve.rs

@@ -27,6 +27,7 @@ impl CveScanner {
         repo_id: &str,
         entries: &mut [SbomEntry],
     ) -> Result<Vec<CveAlert>, CoreError> {
+        tracing::info!("scanning {} SBOM entries for known CVEs", entries.len());
         let mut alerts = Vec::new();
 
         // Batch query OSV.dev
@@ -93,7 +94,10 @@ impl CveScanner {
                 .json(&body)
                 .send()
                 .await
-                .map_err(|e| CoreError::Http(format!("OSV.dev request failed: {e}")))?;
+                .map_err(|e| {
+                    tracing::warn!("OSV.dev API call failed: {e}");
+                    CoreError::Http(format!("OSV.dev request failed: {e}"))
+                })?;
 
             if !resp.status().is_success() {
                 let status = resp.status();
@@ -104,10 +108,10 @@ impl CveScanner {
                 continue;
             }
 
-            let result: OsvBatchResponse = resp
-                .json()
-                .await
-                .map_err(|e| CoreError::Http(format!("Failed to parse OSV.dev response: {e}")))?;
+            let result: OsvBatchResponse = resp.json().await.map_err(|e| {
+                tracing::warn!("failed to parse OSV.dev response: {e}");
+                CoreError::Http(format!("Failed to parse OSV.dev response: {e}"))
+            })?;
 
             let chunk_vulns = result.results.into_iter().map(|r| {
                 r.vulns