v0.13.0 — scanner unit tests + any-JDK bytecode (ASM 9.7)

Tests

A unit-test suite for the scanners — autofix, near-miss, config audit, config validator, secrets, misconfig — including regression tests for the v0.12.1 fixes (cross-method variable scoping, ambiguous file names, the sensitive-getter false positive, cross-method escaped variable). Test count went from 2 to 18. An in-memory Java compiler builds bytecode fixtures so the ASM-based scanners are tested against real .class files.

Fixed

Writing those tests surfaced a real defect: the bytecode scanners (secrets, misconfig) threw "Unsupported class file major version 65" on Java 21+ bytecode, because ASM was pinned at 9.4. Bumped to 9.7 (reads class files up to Java 23), so the "any JDK" claim for these scanners now actually holds.

The taint scan still needs a JDK 17 runtime — that is a separate Tai-e frontend limitation, not ASM.