feat: implement context-aware suspicious pattern detection with MIME-specific scoring #2

Merged
vientorepublic merged 2 commits into main from dev
Mar 13, 2026

@vientorepublic
Owner

This pull request introduces advanced, context-aware suspicious pattern detection to the buffer analysis engine. The changes add MIME type–specific pattern matching, weighted scoring of suspicious patterns, configurable thresholds, and per-MIME-type configuration overrides. The documentation and tests are updated to reflect these new features.

Suspicious Pattern Detection Improvements:

  • Suspicious patterns now include applicableMimeTypes and weight fields, allowing patterns to be matched only for relevant MIME types and to contribute different risk scores. Patterns can also use regex for advanced matching. (src/suspicious-patterns.ts, src/types.ts) [1] [2]
  • The suspicious pattern analysis function now takes mimeType, maxAnalysisDepth, and threshold parameters, and returns a total score. Patterns are only flagged as suspicious if the total score meets or exceeds the configurable threshold. (src/suspicious-patterns.ts, src/engine.ts) [1] [2]

Configuration Enhancements:

  • The engine supports a new suspiciousThreshold and mimeTypeSpecificConfig in its configuration, enabling global and per-MIME-type overrides for thresholds and analysis depth. Configuration validation is updated accordingly. (src/types.ts, src/engine.ts) [1] [2] [3] [4]

MIME Type Detection Improvements:

  • MIME type detection now falls back to using the filename extension if magic bytes do not match, improving context for pattern filtering. (src/engine.ts)

Documentation Updates:

  • The README.md is updated to explain the new context-aware analysis, scoring, thresholds, per-MIME-type configuration, and stream analysis behavior. Usage examples reflect the new API. [1] [2] [3] [4]

Test Updates:

  • Tests are updated to use appropriate MIME types in filenames, ensuring patterns are only detected in relevant contexts. [1] [2]

Other:

  • Adds a renovate.json configuration file for dependency management.

@vientorepublic added the documentation and enhancement labels Mar 13, 2026
@vientorepublic merged commit 6745f6b into main Mar 13, 2026
1 check passed
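
The scoring flow described in the pull request, sketched as an added example that is not taken from the project's source. The field names applicableMimeTypes, weight, maxAnalysisDepth, suspiciousThreshold and mimeTypeSpecificConfig come from the description; the interface shapes, the functions detectMime, analyze and bytes, and the pattern table with its weights are assumptions made for illustration.

```typescript
// Added example. Field names come from the PR description; shapes, patterns and weights are assumptions.
interface SuspiciousPattern { name: string; pattern: RegExp; weight: number; applicableMimeTypes?: string[] }
interface MimeOverride { suspiciousThreshold?: number; maxAnalysisDepth?: number }
interface EngineConfig {
  suspiciousThreshold: number;
  maxAnalysisDepth: number;
  mimeTypeSpecificConfig?: Record<string, MimeOverride>;
}
// Constructed pattern table; a pattern without applicableMimeTypes applies to every type.
const PATTERNS: SuspiciousPattern[] = [
  { name: "script-tag", pattern: /<script\b/i, weight: 5, applicableMimeTypes: ["text/html", "image/svg+xml"] },
  { name: "inline-handler", pattern: /\son\w+\s*=/i, weight: 3, applicableMimeTypes: ["text/html", "image/svg+xml"] },
  { name: "pdf-javascript", pattern: /\/JavaScript\b/, weight: 6, applicableMimeTypes: ["application/pdf"] },
  { name: "eval-call", pattern: /\beval\s*\(/, weight: 2 },
];
const EXT_MIME: Record<string, string> = { html: "text/html", svg: "image/svg+xml", pdf: "application/pdf" };

// Magic bytes first ("%PDF" only, for brevity), then the filename extension as fallback.
function detectMime(buf: Uint8Array, filename: string): string {
  if (buf[0] === 0x25 && buf[1] === 0x50 && buf[2] === 0x44 && buf[3] === 0x46) return "application/pdf";
  const dot = filename.lastIndexOf(".");
  const ext = dot < 0 ? "" : filename.slice(dot + 1).toLowerCase();
  return EXT_MIME[ext] ?? "application/octet-stream";
}

function analyze(buf: Uint8Array, mimeType: string, cfg: EngineConfig) {
  const o: MimeOverride = cfg.mimeTypeSpecificConfig?.[mimeType] ?? {}; // per-MIME override wins
  const threshold = o.suspiciousThreshold ?? cfg.suspiciousThreshold;
  const depth = o.maxAnalysisDepth ?? cfg.maxAnalysisDepth;
  let text = ""; // one char per byte, limited to the analysis depth
  buf.subarray(0, depth).forEach((b) => { text += String.fromCharCode(b); });
  const matched = PATTERNS.filter((p) =>
    (!p.applicableMimeTypes || p.applicableMimeTypes.indexOf(mimeType) !== -1) && p.pattern.test(text));
  const score = matched.reduce((sum, p) => sum + p.weight, 0);
  return { score, threshold, suspicious: score >= threshold, matched: matched.map((p) => p.name) };
}

// Constructed sample input helper and configuration.
function bytes(s: string): Uint8Array {
  const out = new Uint8Array(s.length);
  for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i) & 0xff;
  return out;
}
const CONFIG: EngineConfig = {
  suspiciousThreshold: 5, maxAnalysisDepth: 4096,
  mimeTypeSpecificConfig: { "image/svg+xml": { suspiciousThreshold: 3 } },
};
const sample = bytes('<svg onload="init()"></svg>');
console.log(analyze(sample, detectMime(sample, "icon.svg"), CONFIG));  // flagged under the SVG override
console.log(analyze(sample, detectMime(sample, "page.html"), CONFIG)); // same score, global threshold
```

The same bytes score 3 in both calls; only the SVG override lowers the threshold enough to flag them, which is the per-MIME-type behaviour the description refers to.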