fix(sdk): degrade gracefully on discovery dataset failures

[dannysteenman]

Summary

• What changed?
  • Added stronger shared AWS throttling backoff with jitter for discovery dataset loaders.
  • Changed AWS discovery to downgrade unavailable datasets into diagnostics instead of aborting the entire run.
  • Skips discovery rules whose required datasets are unavailable and surfaces the skip reason in JSON output.
  • Improved CLI table formatting by rendering diagnostics in a dedicated table instead of mixing them into the findings table.
• Why was this needed?
  • Large-account discovery could fail outright when a dataset such as CloudWatch Logs metric filter coverage hit AWS throttling or other recoverable service errors.
  • Users needed to see which discovery datasets and rules were skipped, and why, without losing the rest of the discovery results.

Diagram

flowchart TD
    A["Discover datasets"] --> B{"Dataset loads?"}
    B -->|success| C["Store hydrated dataset"]
    B -->|access denied / throttled / error| D["Emit dataset diagnostic"]
    D --> E["Mark dataset unavailable"]
    C --> F["Evaluate rules"]
    E --> F
    F --> G{"Rule dependencies available?"}
    G -->|yes| H["Emit findings"]
    G -->|no| I["Emit skipped-rule diagnostic"]
    H --> J["CLI output"]
    I --> J
    D --> J

Loading

Scope

• cloudburn (cli)
• @cloudburn/sdk
• @cloudburn/rules
• docs/community files

Release Notes

• Added a .changeset/*.md file for published package changes
• No published package changes in this PR

Verification

• pnpm lint
• pnpm typecheck
• pnpm test
• pnpm build
• pnpm verify

Boundary Checks

• No engine/parser/provider logic added to @cloudburn/rules
• CLI delegates scan logic to SDK
• README/CONTRIBUTING/docs updated when behavior changed