chore: bump version to 2.1.1 across all components

[shivasurya]

Summary

Bumps all components to v2.1.1. Follows the established PR #659 pattern (+ #663's OCI tag sync).

Files bumped

• python-sdk — pyproject.toml, codepathfinder/__init__.py, CHANGELOG.md
• sast-engine — VERSION, cmd/root.go (the -X ldflag target), mcp/types_test.go
• MCP server descriptor — server.json (top-level version, pypi version, OCI v2.1.1 Docker tag — all three in one go, unlike v2.1.0 which needed chore: sync server.json docker tag to v2.1.0 #663 follow-up)
• CI workflow — .github/workflows/deploy-sandbox.yml default + description
• README — shivasurya/code-pathfinder@v2.1.1 action reference

What's in 2.1.1

Fixes (landed in #665 on this release):

• Python type inference now resolves with X() as y: bindings — closes the gap that prevented pure-L3 matchers from firing on with tarfile.open(p) as tar: tar.extractall() and similar context-manager patterns across zipfile, gzip, tempfile, sqlite3, socket, open.
• Typed function parameters (def f(bundle: tarfile.TarFile): ...) seed the function scope, so bundle.method() resolves via the annotation. Supports Optional[T], Union[T, None], T | None, generics, forward references ("MyClass"), and import-aliased names.
• Nested-function scope FQNs now match Pass 1's indexing (module.parent.nested), fixing a latent issue that silently dropped bindings for helpers nested inside class methods.

Test plan

• go build ./... clean
• go test ./mcp/ ./cmd/ ./updatecheck/ ./output/ — version-asserting packages green
• No stray 2.1.0 / v2.1.0 left in any bumped file (grep verified; SARIF spec references are unrelated)
• 9 files touched (matches PR chore: bump version to 2.1.0 across all components #659's bump scope)

🤖 Generated with Claude Code

[safedep]

SafeDep Report Summary

No dependency changes detected. Nothing to scan.

View complete scan results →

_{This report is generated by SafeDep Github App}

[github-actions]

Code Pathfinder Security Scan

No security issues detected.

Metric	Value
Files Scanned	9
Rules	205

---

_{Powered by Code Pathfinder}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.04%. Comparing base (8b32a78) to head (b39b1a4).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #666      +/-   ##
==========================================
- Coverage   85.06%   85.04%   -0.02%     
==========================================
  Files         172      172              
  Lines       25027    25027              
==========================================
- Hits        21288    21285       -3     
- Misses       2942     2945       +3     
  Partials      797      797              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.