feat: add Product Security Wayfinder with SDLC grouping and metadata filters (fixes #426)

[PRAteek-singHWY]

Summary

Fixes #426
Implements the Product Security Wayfinder for OpenCRE (issue #426).

This PR introduces an end-to-end Wayfinder flow:

• backend aggregation of non-CRE resources
• metadata enrichment (SDLC phase, supporting org, license)
• filtering/faceting API
• new frontend Wayfinder page with SDLC lane visualization and filters

What Changed

Backend

• Added GET /rest/v1/wayfinder endpoint
  • supports filters: sdlc, supporting_org, license, doctype, q
  • returns:
    • data (filtered resources)
    • grouped_by_sdlc
    • facets
    • stats
• Added DB aggregation method for wayfinder resources.
• Added static metadata enrichment map with sensible fallback defaults.

Frontend

• Added new /wayfinder page:
  • SDLC-lane grouped cards
  • search + multi-select facet filters
  • counts/stats
• Added route and header nav entry for Wayfinder.
• Added TypeScript types for Wayfinder API response.

Docs

• Updated OpenAPI spec with /rest/v1/wayfinder.

Tests

• Added API tests for:
  • payload shape
  • filter behavior

Validation

• ./venv/bin/python -m pytest -q application/tests/web_main_test.py -k wayfinder
• ./venv/bin/python -m compileall -q application/web/web_main.py application/database/db.py application/utils/wayfinder_metadata.py

Notes

This PR uses a static metadata map + fallback as the first implementation step, aligned with issue guidance.
Importer-native metadata enrichment can be extended in follow-up work.