feat: add package registry and maintainability check (#1400)

[RuchitAgrawal]

Summary

Adds a new check mcn_registry_maintainability_1 that validates whether a package exists on its public registry and is actively maintained.

Description of changes

The check uses three signals when available:

• Registry presence and release recency: Uses the existing find_publish_timestamp() to confirm the package exists and check how many days have passed since the last release. Exceeding the threshold fails the check.
• Deprecated/yanked status: Reads the yanked flag for PyPI packages and the deprecated field for npm packages from existing registry JSON responses. A yanked or deprecated package always fails, regardless of release age.
• GitHub repository signals: If the source repo is on GitHub, calls the existing get_repo_data() to check if the repo is archived and how recently code was pushed. An archived repo always fails.

Results include remediation guidance and links to the registry page and source repository. The inactivity threshold is configurable via defaults.ini under registry_maintainability (default: 365 days).

Related issues

Closes #1400

Checklist

• I have reviewed the contribution guide.
• My PR title and commits follow the Conventional Commits convention.
• My commits include the "Signed-off-by" line.
• I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
• I have updated the relevant documentation, if applicable.
• I have tested my changes and verified they work as expected.

[behnazh-w]

@RuchitAgrawal Thanks for the PR! Could you suggest a few packages that would fail this check? That would help us identify good candidates to include in integration tests.

[behnazh-w]

@RuchitAgrawal Looks like the integration tests are failing. You can search for "case failed" in the log to see which test is failing.