feat: Add Security Inspector with built-in rules (M7.1)

[nathanhuh]

Summary

Umbrella issue for adding the Security Inspector feature and its built-in rule packs.

Scope

Add an Inspector entry to the service catalog, run a set of built-in security checks against AWS resources, and present findings in the TUI with severity and remediation context.

Delivery Split

• feat: Add Security Inspector skeleton and results workflow #89 feat: Add Security Inspector skeleton and results workflow
• feat: Add Security Inspector rules for Security Groups and RDS #90 feat: Add Security Inspector rules for Security Groups and RDS
• feat: Add Security Inspector rules for IAM and Secrets Manager #91 feat: Add Security Inspector rules for IAM and Secrets Manager
• feat: Add Security Inspector S3 exposure and versioning checks #92 feat: Add Security Inspector S3 exposure and versioning checks

Notes

• Treat this issue as the umbrella tracker rather than the direct implementation ticket.
• Reuse the existing AWS service clients where possible instead of introducing parallel service layers.
• Keep rule additions incremental so each rule pack can be tested and reviewed independently.

[nathanhuh]

Shipped via #89, #90, #91, and #92. Follow-on Security Inspector coverage is tracked separately in #99-#105.