Add legal artifact presets, FOSSA-compatible outputs

[lelia]

Summary

Introduces a compliance-oriented --legal workflow to socketcli and an opt-in --legal-format fossa mode for producing FOSSA-compatible artifact shapes.

Changes

The --legal workflow enables license generation and default artifact output for:

• socket-report.json
• socket-summary.txt
• socket-report-link.txt
• socket-sbom.json
• socket-license.json

The new --legal-format fossa mode adapts those outputs toward the FOSSA pipeline by:

• emitting a FOSSA-shaped analyze report:
  • project
  • vulnerability
  • licensing
  • quality
• emitting a FOSSA-style attribution artifact:
  • project
  • dependencies
• using FOSSA-like default filenames:
  • fossa-analyze.json
  • fossa-test.txt
  • fossa-link.txt
  • fossa-sbom.json

Adds

• Explicit file output support for JSON reports, summary text, and report links
• Hardened legal artifact generation for sparse scan paths so artifact creation completes safely even when SBOM/package data is incomplete

Testing

• Used PR previews to generate real legal artifacts, validate outputs, and fix/retest bugs
• Added unit test coverage for:
  • --legal and --legal-format defaults
  • FOSSA-compatible reports, attribution output
  • various missing SBOM/package data scenarios
• Added fixture-based checks against real shared fossa-analyze-*.json samples

[github-actions]

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.87.dev3

Docker image: socketdev/cli:pr-199