v1.1.0 — Private & gated Hugging Face model scanning

@lab700xdev released this 05 Jun 21:00
· 6 commits to main since this release
26b1d70

What's new

Private & gated Hugging Face model scanning — authenticate with an environment token.

  • Token auth: set HF_TOKEN (or HUGGING_FACE_HUB_TOKEN) and AIsbom can scan private and gated hf:// models. The token is sent only to huggingface.co, is dropped on the redirect to the LFS CDN, and is never written to logs or telemetry.
  • Clearer fetch errors: auth, network, and not-found failures now print a concise, status-aware message (no traceback) and exit non-zero, instead of silently reporting zero artifacts.
  • CI guidance: README now shows the secrets.HF_TOKEN usage pattern and the egress requirement (HTTPS to huggingface.co and its LFS CDN).
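The token-scoping rule from the first bullet, sketched with Python's standard library. This is an added example, not AIsbom's own code: the function and class names are hypothetical, the CDN hostname in the usage note is a placeholder, and it assumes the token travels as an `Authorization: Bearer` header.

```python
import os
import urllib.request
from urllib.parse import urlsplit

TRUSTED_HOST = "huggingface.co"  # the only host that may receive the token


def env_token(environ=os.environ):
    """Read the token from HF_TOKEN, falling back to HUGGING_FACE_HUB_TOKEN."""
    return environ.get("HF_TOKEN") or environ.get("HUGGING_FACE_HUB_TOKEN") or None


def is_trusted(url):
    """True only for HTTPS URLs whose host is exactly TRUSTED_HOST."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == TRUSTED_HOST


def build_request(url, token):
    """Attach the bearer token only when the first hop is the trusted host."""
    req = urllib.request.Request(url)
    if token and is_trusted(url):
        req.add_header("Authorization", f"Bearer {token}")
    return req


class DropAuthOnRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies request headers onto the redirected request, so the
    Authorization header must be removed explicitly when the target is a
    different host (the LFS CDN) or a non-HTTPS URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and not is_trusted(newurl):
            new.headers.pop("Authorization", None)
            new.unredirected_hdrs.pop("Authorization", None)
        return new


def simulate_redirect(req, location, code=302):
    """Offline helper: return the request urllib would issue after a redirect."""
    return DropAuthOnRedirect().redirect_request(req, None, code, "Found", {}, location)


def telemetry_fields(token):
    """Mirror of the release note: record presence only, never the value."""
    return {"token_present": bool(token)}
```

For real fetches, install the handler with `urllib.request.build_opener(DropAuthOnRedirect())`; `simulate_redirect(req, "https://cdn.example.invalid/blob")` shows the header is gone on the cross-host hop without touching the network.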

What's not changing

Scanner behavior, exit codes, and output formats (CycloneDX / SPDX / Markdown) are identical to v1.0.7. Public-model scans still work with no token. Telemetry remains opt-out via AISBOM_NO_TELEMETRY=1; the only token-related field collected is a token_present boolean — never the value.