refactor(scan): use Promise.allSettled to prevent memory leaks

Switch from Promise.all to Promise.allSettled in fetch-report-data to
prevent memory leaks from short-circuit behavior. If one promise fails
unexpectedly (e.g., bug in catch handler), Promise.all would immediately
reject while the other promise continues running in background, holding
resources and memory.

Promise.allSettled ensures both API calls complete before proceeding,
properly cleaning up all resources regardless of success/failure.

Author: jdalton

packages/cli/src/commands/scan/fetch-report-data.mts

@@ -128,10 +128,7 @@ export async function fetchScanData(
 
   updateProgress()
 
-  const [scan, securityPolicy]: [
-    CResult<SocketArtifact[]>,
-    CResult<SocketSdkSuccessResult<'getOrgSecurityPolicy'>['data']>,
-  ] = await Promise.all([
+  const results = await Promise.allSettled([
     fetchScanResult().catch(e => {
       updateScan('failure; unknown blocking error occurred')
       return {
@@ -157,6 +154,22 @@ export async function fetchScanData(
     updateProgress()
   })
 
+  const scan: CResult<SocketArtifact[]> = results[0].status === 'fulfilled'
+    ? results[0].value
+    : {
+        ok: false as const,
+        message: 'Unexpected error',
+        cause: 'Promise rejected unexpectedly',
+      }
+
+  const securityPolicy: CResult<SocketSdkSuccessResult<'getOrgSecurityPolicy'>['data']> = results[1].status === 'fulfilled'
+    ? results[1].value
+    : {
+        ok: false as const,
+        message: 'Unexpected error',
+        cause: 'Promise rejected unexpectedly',
+      }
+
   if (!scan.ok) {
     return scan
   }