v0.1.0

v0.1.0

• Added deterministic diffing for CycloneDX JSON, SPDX JSON, requirements.txt, and pyproject.toml
• Added conservative risk buckets for new packages, major upgrades, unknown licenses, suspicious sources, and opt-in future stale evaluation
• Added stable JSON/Markdown reporting with golden tests
• Clarified scope: no CVE matching, no hidden enrichment, no reputation scoring by default