* feat: add comprehensive legacy scan routing logic [IDE-1697]

Mirror the cli-extension-os-flows ShouldUseLegacyFlow routing in the
language server's OSS scanner. The scan now routes to the legacy CLI
path when:

- SNYK_FORCE_LEGACY_CLI env var is set
- Legacy-only flags are passed (--print-graph, --print-deps,
  --print-dep-paths, --unmanaged)
- An individual package is being tested (e.g. snyk test lodash)
- No new-flow features are required (risk score FFs, --reachability,
  --sbom, useTestShimForOSCliTest FF)

Includes 21 unit tests covering all routing functions and edge cases.

Co-authored-by: Cursor <cursoragent@cursor.com>

* refactor: remove findTargetPackage from legacy routing logic [IDE-1697]

IDEs/LS never test individual packages by name - scanning is always
path-based. Remove the dead code path and its tests.

Co-authored-by: Cursor <cursoragent@cursor.com>

* refactor: use maps for flag lookups in legacy routing [IDE-1697]

Replace slice-based flag lookups with map-based O(1) lookups for both
legacyOnlyFlags and newFeatureFlags, as suggested in PR review. Also
removes stale individual package test case that referenced removed
findTargetPackage logic.

Co-authored-by: Cursor <cursoragent@cursor.com>

* test: add smoke test for legacy routing with --unmanaged flag [IDE-1697]

Add Test_SmokeLegacyRoutingUnmanagedWithRiskScore in server_smoke_test.go
to verify that --unmanaged flag correctly routes to legacy scanner even
when risk score feature flag is enabled. This test clones pilvikala/c-goof
and confirms the scan succeeds via the legacy CLI path.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>