v0.17.0 - @RabbitListener source + real-CVE docs

@GabrielBBaldez GabrielBBaldez released this 16 Jun 14:51
· 26 commits to main since this release

What's new

  • @RabbitListener as a taint source. A RabbitMQ message payload is external, untrusted input, modeled the same way as @KafkaListener. Closes the RabbitMQ item on the Phase 3 roadmap; adds a sqli-via-rabbit benchmark case.
  • Intentionally vulnerable demo app (examples/demo-app) - a standalone Spring Boot 3 app where each category (reflected XSS, command injection, cross-layer SQL injection) ships a vulnerable endpoint and a safe sibling, so one scan demonstrates both true positives and false-positive checks.
  • README gains a "Real CVEs of the classes it detects" section mapping each detector to public CVEs of the same bug class (Spring Cloud / Spring Data SQL injection, Spring Data Commons SpEL injection, a RuoYi SQLi).
  • The design scope doc is brought up to date with shipped work.
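To make the first two items concrete, here is a constructed illustration of the sqli-via-rabbit pattern in a Spring AMQP listener, added for these notes and not taken from the project's demo app or benchmark suite; the class, queue names and table are assumptions, but the shape (the @RabbitListener payload as the taint source, a string-built query as the sink, and a parameterized safe sibling next to it) is what the release describes.

```java
// Constructed example of the bug class; not code from the project.
import org.springframework.amqp.rabbit.annotation.RabbitListener;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;

@Component
public class OrderLookupListener {

    private final JdbcTemplate jdbc;

    public OrderLookupListener(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // VULNERABLE: the message body arrives from outside the process, so a
    // taint engine treats it like a @KafkaListener payload. Concatenating it
    // into SQL makes this the cross-layer SQL injection the scan should flag.
    @RabbitListener(queues = "orders.lookup")          // assumed queue name
    public void lookupVulnerable(String orderId) {
        jdbc.queryForList(
            "SELECT * FROM orders WHERE id = '" + orderId + "'");
    }

    // SAFE sibling: same source and same sink API, but the payload travels as
    // a bind parameter, so no tainted data reaches the query text. A correct
    // scan reports the method above and stays silent here.
    @RabbitListener(queues = "orders.lookup.safe")     // assumed queue name
    public void lookupSafe(String orderId) {
        jdbc.queryForList("SELECT * FROM orders WHERE id = ?", orderId);
    }
}
```

Running the scanner over a pair like this is the true-positive / false-positive check the demo app is built to exercise: one finding on lookupVulnerable, none on lookupSafe.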

Benchmark

40 cases (37 vulnerable, 3 safe): 36 detected by the taint engine alone, 0 false positives; the near-miss layer (--src) catches the remaining wrong-context flow (37/37).

The taint scan runs on a JDK 17 runtime (a limit of the Tai-e frontend); the build itself needs JDK 17+. The pattern scanners (secrets / misconfig / config) have no JDK ceiling.