v1.0.7 — Structured risk & legal in the SBOM

lab700xdev released this 05 Jun 04:43

What's new

Structured risk & legal in the SBOM — each scanned model component now carries aisbom:risk and aisbom:legal CycloneDX properties alongside the existing aisbom:* format/findings properties, so downstream consumers can read the risk level and legal status structurally instead of parsing the description string.

What's not changing

Scanner behavior, exit codes, and all output formats are identical to v1.0.6. The description string is byte-for-byte unchanged — these properties are purely additive and backward-compatible. aisbom diff is unaffected (it ignores properties[]), so existing CI/CD drift checks see no change.
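A downstream policy gate that reads the structured properties instead of parsing the description string, as an added example (not code from the aisbom project). The property names aisbom:risk and aisbom:legal come from the notes above; the aisbom:format name, every property value, and the component names are constructed assumptions. Components that carry aisbom:* properties but lack the new ones (for example an SBOM produced by v1.0.6) are flagged rather than silently passed.

```python
import json

# Constructed sample SBOM. Property names aisbom:risk / aisbom:legal are from the
# release notes; "aisbom:format" and every value below are assumed placeholders.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "model-a.pt", "properties": [
    {"name": "aisbom:format", "value": "pickle"},
    {"name": "aisbom:risk", "value": "CRITICAL"},
    {"name": "aisbom:legal", "value": "UNKNOWN"}]},
  {"name": "bundle", "components": [
    {"name": "model-b.safetensors", "properties": [
      {"name": "aisbom:format", "value": "safetensors"},
      {"name": "aisbom:risk", "value": "LOW"},
      {"name": "aisbom:legal", "value": "PERMISSIVE"}]}]},
  {"name": "legacy.pkl", "properties": [
    {"name": "aisbom:format", "value": "pickle"}]},
  {"name": "some-library"}
]}
""")

def walk_components(node):
    """Yield every component, descending into nested components[] arrays."""
    for comp in node.get("components", []):
        yield comp
        yield from walk_components(comp)

def aisbom_props(component):
    """Return the component's aisbom:* properties as a name -> value dict."""
    return {p["name"]: p.get("value") for p in component.get("properties", [])
            if p.get("name", "").startswith("aisbom:")}

def gate(sbom, blocked_risk=("CRITICAL",)):
    """Return (component name, reason) for each scanned component that fails policy."""
    failures = []
    for comp in walk_components(sbom):
        props = aisbom_props(comp)
        if not props:
            continue  # no aisbom:* properties at all: not a scanned model component
        risk, legal = props.get("aisbom:risk"), props.get("aisbom:legal")
        if risk is None or legal is None:
            # Older SBOM without structured fields: fail closed, do not guess.
            failures.append((comp["name"], "missing aisbom:risk/aisbom:legal"))
        elif risk in blocked_risk:
            failures.append((comp["name"], f"risk={risk} legal={legal}"))
    return failures

if __name__ == "__main__":
    for name, reason in gate(SAMPLE_SBOM):
        print(f"BLOCK {name}: {reason}")
```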