feat: pentest feature improvements — streaming, pause/resume, encryption, browser tool, reports, docs

- True SSE streaming via broadcast channels (DashMap per session)
- Session pause/resume with watch channels + dashboard buttons
- AES-256-GCM credential encryption at rest (PENTEST_ENCRYPTION_KEY)
- Concurrency limiter (Semaphore, max 5 sessions, 429 on overflow)
- Browser tool: headless Chrome CDP automation (navigate, click, fill, screenshot, evaluate)
- Report code-level correlation: SAST findings, code graph, SBOM linked per DAST finding
- Split html.rs (1919 LOC) into html/ module directory (8 files)
- Wizard: target/repo dropdowns from existing data, SSH key display, close button on all steps
- Auth: auto-register with optional registration URL (Playwright discovery), plus-addressing email, IMAP overrides
- Attack chain: tool input/output in detail panel, running node pulse animation
- Architecture docs with Mermaid diagrams + 8 screenshots

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sharang Parnerkar
2026-03-17 00:07:50 +01:00
parent 11e1c5f438
commit a912ec9ad9
45 changed files with 5927 additions and 2133 deletions

@@ -1,5 +1,6 @@
pub mod api_fuzzer;
pub mod auth_bypass;
pub mod browser;
pub mod console_log_detector;
pub mod cookie_analyzer;
pub mod cors_checker;
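Review bot: `pub mod browser;` is declared unconditionally and has no doc comment, so every build of this crate now includes the headless Chrome CDP tool the commit message describes. Consider putting it behind a cargo feature (for example a hypothetical `browser` feature), so deployments that have no Chrome binary or do not want the `evaluate` action can leave it out. A one-line `///` comment on the declaration stating what the module drives would also help readers of this list.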
@@ -114,6 +115,7 @@ impl ToolRegistry {
Box::new(openapi_parser::OpenApiParserTool::new(http.clone())),
);
register(&mut tools, Box::new(recon::ReconTool::new(http)));
register(&mut tools, Box::<browser::BrowserTool>::default());
Self { tools }
}
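Review bot: `Box::<browser::BrowserTool>::default()` in `ToolRegistry` construction is the only registration here that does not go through a `new(...)` constructor. The neighbouring tools take the shared `http` client (`OpenApiParserTool::new(http.clone())`, `ReconTool::new(http)`), so if that client carries proxy, timeout or target-scope settings, the browser tool will not inherit them. Suggest an explicit constructor that takes the relevant configuration, and making this `register(...)` call conditional so an operator can disable a tool that navigates and evaluates script in a real browser. Also note `ReconTool::new(http)` moves `http`; that is fine with the current order, but any later registration that needs the client will have to be inserted above it or the move changed to `http.clone()`.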