feat(worker): HackerOne per-finding report generator #367

Description

@JonathanVD43

Parent

#360

What to build

A report generator that produces one HackerOne-formatted markdown file per in-scope finding, written to workspaces/<workspace>/hackerone/. Findings that touched out-of-scope URLs (per the scope validator) are excluded from HackerOne output but retained in the executive summary. The existing executive report continues to be generated alongside.

End-to-end path:

  • apps/worker/src/services/hackerone-reporter.ts — takes assembled findings, BountyConfig, and ScopeViolation[]; for each finding determines scope status; for each in-scope finding makes an LLM call with report-hackerone.txt template to produce the structured report; writes to workspaces/<workspace>/hackerone/finding-NNN-<slug>.md
  • apps/worker/prompts/report-hackerone.txt — per-finding template producing: Title, Severity, CVSS vector (marked [SUGGESTED CVSS — review before submitting]), Asset (mapped from program's asset list), Summary, Steps to Reproduce (exact HTTP request, payload, auth state required, expected vs actual response), PoC, Impact, Suggested Fix
  • Wired into the reporting activity in activities.ts; only runs when bountyConfig is present
  • Active campaign asset name from bountyConfig used to populate the Asset field in reports

Acceptance criteria

  • After a bounty scan, workspaces/<workspace>/hackerone/ contains one .md file per in-scope finding
  • Each file contains all required HackerOne fields including CVSS suggestion marker
  • Steps-to-reproduce section contains exact HTTP request, payload, auth state, expected vs actual
  • Findings that touched out-of-scope URLs are absent from hackerone/ but present in executive summary
  • Executive summary (report-executive.md) is still generated alongside HackerOne files
  • Non-bounty scans produce no hackerone/ directory
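A condensed TypeScript sketch of the path above, added here as an example and not the project's own hackerone-reporter.ts: it assumes the Finding, ScopeViolation and BountyConfig shapes shown (the real types are whatever the assembler and scope validator emit), and substitutes a deterministic template renderer for the LLM call with report-hackerone.txt. It exercises the acceptance criteria that can be checked without running a scan: one file per in-scope finding, the CVSS suggestion marker, the steps-to-reproduce fields, exclusion of findings that touched an out-of-scope URL, and no output at all when bountyConfig is absent. The sample findings and violations are constructed for the example.

```typescript
// Added example, not the project's code. Shapes below are assumptions.
interface Finding {
  id: number;
  title: string;
  severity: "critical" | "high" | "medium" | "low" | "informational";
  cvssVector: string;   // suggested vector; always flagged for human review
  urls: string[];       // every URL the finding touched
  summary: string;
  request: string;      // exact HTTP request that reproduces the issue
  payload: string;
  authState: string;    // e.g. "unauthenticated", "logged in as low-privilege user"
  expected: string;
  actual: string;
  poc: string;
  impact: string;
  suggestedFix: string;
}

// Emitted by the scope validator; one entry per finding/URL pair that left scope.
interface ScopeViolation { findingId: number; url: string; reason: string }

interface BountyConfig { program: string; assetName: string }

// Marker text taken from the issue; it must survive into every generated report.
export const CVSS_MARKER = "[SUGGESTED CVSS — review before submitting]";

export function slugify(title: string): string {
  return title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 60);
}

// finding-NNN-<slug>.md, numbered over in-scope findings only.
export function reportFilename(ordinal: number, title: string): string {
  return `finding-${String(ordinal).padStart(3, "0")}-${slugify(title)}.md`;
}

// A single out-of-scope URL disqualifies the whole finding from HackerOne output.
export function isInScope(finding: Finding, violations: ScopeViolation[]): boolean {
  return !violations.some((v) => v.findingId === finding.id);
}

// Deterministic stand-in for the LLM + report-hackerone.txt step.
export function renderReport(f: Finding, cfg: BountyConfig): string {
  return [
    `# ${f.title}`, "",
    `**Severity:** ${f.severity}`,
    `**CVSS vector:** ${f.cvssVector} ${CVSS_MARKER}`,
    `**Asset:** ${cfg.assetName}`, "",
    "## Summary", f.summary, "",
    "## Steps to Reproduce",
    `Auth state required: ${f.authState}`, "",
    "Request:", "```http", f.request, "```", "",
    `Payload: ${f.payload}`, "",
    `Expected: ${f.expected}`, `Actual: ${f.actual}`, "",
    "## PoC", f.poc, "",
    "## Impact", f.impact, "",
    "## Suggested Fix", f.suggestedFix, "",
  ].join("\n");
}

export interface HackerOneOutput { files: Map<string, string>; excluded: Finding[] }

// Returns filename -> markdown for workspaces/<workspace>/hackerone/ plus the
// findings held back from it (they still belong in the executive summary).
export function generateHackerOneReports(
  findings: Finding[], cfg: BountyConfig | undefined, violations: ScopeViolation[],
): HackerOneOutput {
  const files = new Map<string, string>();
  const excluded: Finding[] = [];
  if (!cfg) return { files, excluded }; // non-bounty scan: no hackerone/ directory at all
  let ordinal = 0;
  for (const f of findings) {
    if (!isInScope(f, violations)) { excluded.push(f); continue; }
    ordinal += 1;
    files.set(reportFilename(ordinal, f.title), renderReport(f, cfg));
  }
  return { files, excluded };
}

// Constructed sample data for the example.
export const SAMPLE_CONFIG: BountyConfig = { program: "example-program", assetName: "app.example.com (Web)" };
export const SAMPLE_VIOLATIONS: ScopeViolation[] = [
  { findingId: 2, url: "https://legacy.example.net/status", reason: "host not in program scope" },
];
export const SAMPLE_FINDINGS: Finding[] = [
  { id: 1, title: "Verbose error page discloses stack trace", severity: "low",
    cvssVector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    urls: ["https://app.example.com/api/orders"],
    summary: "Malformed JSON to /api/orders returns a framework stack trace.",
    request: "POST /api/orders HTTP/1.1\nHost: app.example.com\nContent-Type: application/json\n\n{",
    payload: "truncated JSON body", authState: "unauthenticated",
    expected: "Generic 400 response", actual: "500 response containing internal file paths",
    poc: "Send the request above and inspect the response body.",
    impact: "Internal paths and library versions aid further reconnaissance.",
    suggestedFix: "Return a generic error body; log details server-side only." },
  { id: 2, title: "Status endpoint on legacy host reveals build metadata", severity: "informational",
    cvssVector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    urls: ["https://app.example.com/", "https://legacy.example.net/status"],
    summary: "Out-of-scope host; kept for the executive summary only.",
    request: "GET /status HTTP/1.1\nHost: legacy.example.net", payload: "none",
    authState: "unauthenticated", expected: "404", actual: "200 with build metadata",
    poc: "Request the URL above.", impact: "Low.", suggestedFix: "Restrict the endpoint." },
];
```

Callers write each map entry under workspaces/<workspace>/hackerone/ and pass `excluded` through to the executive report unchanged; keeping the writer separate from the filtering keeps the scope rule testable without touching disk.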

Blocked by

#366
