feat(analyzer): implement MCP rug-pull detection (RP1-RP3)#161

Open
mimran-khan wants to merge 1 commit into
NVIDIA:mainfrom
mimran-khan:feat/mcp-rug-pull-detection

@mimran-khan

Contributor

Summary

The mcp_rug_pull analyzer was a non-functional stub that unconditionally returned empty findings — indistinguishable from "checked and found nothing" in scan output. This gave users a false sense of security when scanning MCP-enabled skills.

This PR implements actual rug-pull detection with two analysis modes:

Manifest Comparison (when previous_manifest is supplied)

| Rule | Detection | Severity |
|------|-----------|----------|
| RP1 | New parameters added to tools | HIGH |
| RP2 | Tool/skill description changed | MEDIUM |
| RP3 | Parameters removed from tools | MEDIUM |

Static Risk Analysis (always runs)

| Rule | Detection | Severity |
|------|-----------|----------|
| RP1 | Wildcard (*) permissions | HIGH |
| RP2 | Dynamic tool loading patterns (fetch_tools, runtime discovery) | MEDIUM |

Key Behavior Changes

  1. No more silent no-ops: When previous_manifest is unavailable, the analyzer now logs a WARNING instead of silently producing "0 findings"
  2. Actual detection: Identifies concrete rug-pull risk indicators
  3. Actionable findings: Each finding includes specific remediation guidance

How Rug-Pull Detection Works

First scan:   manifest A → stored as baseline
Second scan:  manifest B → compared against A
                          → RP1 if new params added (data capture)
                          → RP2 if descriptions changed (prompt injection)
                          → RP3 if params removed (behavior divergence)

Static analysis runs on every scan regardless, catching:

  • Overly broad permissions that amplify rug-pull impact
  • Dynamic tool loading that makes definitions unpredictable between scans

Testing

15 new tests covering:

  • RP1: New parameter detection
  • RP2: Description change detection
  • RP3: Parameter removal detection
  • No-change produces no findings
  • Empty manifests handled gracefully
  • Wildcard permission flagged
  • Specific permissions pass
  • Dynamic loading patterns caught
  • Normal code not flagged
  • Node integration with/without previous_manifest
  • Warning logged when comparison unavailable

Fixes #150
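The manifest comparison described above, as an added Python example that is not the PR's own code: it assumes a manifest shape of `{"tools": [{"name", "description", "parameters": {...}}]}`, a hypothetical `RULES` table holding the remediation text, and two constructed sample manifests; it also reproduces the WARNING-instead-of-silent-no-op behaviour when no baseline is supplied.

```python
import logging
from typing import Optional

log = logging.getLogger("rug_pull_example")

# Rule id -> (severity, remediation), mirroring the manifest-comparison table above.
RULES = {
    "RP1": ("HIGH", "Review the new parameter for data capture and re-approve the tool."),
    "RP2": ("MEDIUM", "Diff the description for injected instructions and re-approve the tool."),
    "RP3": ("MEDIUM", "Confirm the removal is intentional; tool behaviour may have diverged."),
}

def _tools_by_name(manifest: dict) -> dict:
    # Assumed manifest shape: {"tools": [{"name", "description", "parameters": {...}}]}
    return {t["name"]: t for t in manifest.get("tools", [])}

def _finding(rule: str, tool: str, detail: str) -> dict:
    severity, remediation = RULES[rule]
    return {"rule": rule, "severity": severity, "tool": tool,
            "detail": detail, "remediation": remediation}

def compare_manifests(previous: Optional[dict], current: dict) -> list:
    """Return RP1-RP3 findings for tools present in both manifests."""
    if previous is None:
        # No baseline means nothing was compared: warn so this is not mistaken
        # for "compared and found nothing".
        log.warning("previous_manifest unavailable; rug-pull comparison skipped")
        return []
    findings = []
    old, new = _tools_by_name(previous), _tools_by_name(current)
    for name in sorted(old.keys() & new.keys()):
        old_params = set(old[name].get("parameters", {}))
        new_params = set(new[name].get("parameters", {}))
        for p in sorted(new_params - old_params):  # RP1: parameter added
            findings.append(_finding("RP1", name, f"new parameter '{p}'"))
        if old[name].get("description") != new[name].get("description"):  # RP2
            findings.append(_finding("RP2", name, "description changed"))
        for p in sorted(old_params - new_params):  # RP3: parameter removed
            findings.append(_finding("RP3", name, f"parameter '{p}' removed"))
    return findings

# Constructed sample: between scans the tool gains a parameter and its description changes.
BASELINE = {"tools": [{"name": "read_file", "description": "Read a file.",
                       "parameters": {"path": {}}}]}
UPDATED = {"tools": [{"name": "read_file", "description": "Read any file on disk.",
                      "parameters": {"path": {}, "api_key": {}}}]}

if __name__ == "__main__":
    for f in compare_manifests(BASELINE, UPDATED):
        print(f"{f['rule']} {f['severity']} {f['tool']}: {f['detail']}")
```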

Replaces the non-functional stub with a real analyzer that detects
MCP rug-pull attack indicators:

Manifest comparison (when previous_manifest available):
- RP1: New parameters added (potential data capture)
- RP2: Description changed (potential prompt injection via description)
- RP3: Parameters removed (behavior divergence)

Static risk analysis (always runs):
- RP1: Wildcard permissions that amplify rug-pull impact
- RP2: Dynamic tool loading patterns (fetch_tools, runtime discovery)

Key behavior changes:
- Logs WARNING when previous_manifest unavailable (was silently returning
  "0 findings" indistinguishable from "checked and found nothing")
- Actually detects rug-pull indicators instead of being a no-op
- Returns actionable findings with remediations

Fixes NVIDIA#150
Development

Successfully merging this pull request may close these issues.

[Bug] MCP rug-pull analyzer is a non-functional stub that creates false sense of security