[connectors] feat: Add Jira connector for web-security

[GangGreenTemperTatum]

Summary

Adds a Jira Cloud MCP connector to the web-security capability so validated findings can be exported as internal Jira remediation tickets.

The connector is intentionally scoped to the post-validation delivery path. The web-security agent guidance now instructs agents to use Jira only after the normal reporting pipeline has completed: assess_confidence, report-preflight, exploit-verifier, and report-writer.

Changes

• Adds capabilities/web-security/mcp/jira.py as a self-contained uv run FastMCP server.
• Wires the jira MCP server into capabilities/web-security/capability.yaml.
• Adds agent prompt guidance for Jira export behavior and required environment variables.
• Adds focused tests for authentication settings, ADF conversion, metadata lookup, issue creation, issue fetch, and comment creation.

Connector Surface

• jira_health
• jira_get_create_metadata
• jira_create_issue
• jira_get_issue
• jira_add_comment

Auth uses JIRA_BASE_URL, JIRA_EMAIL, and JIRA_API_TOKEN.

Validation

• uv run pytest capabilities/web-security/tests/test_jira_mcp.py passed: 10 tests.
• mypy capabilities/web-security/mcp/jira.py capabilities/web-security/tests/test_jira_mcp.py --ignore-missing-imports passed.
• pre-commit run --files capabilities/web-security/capability.yaml capabilities/web-security/agents/web-security.md capabilities/web-security/mcp/jira.py capabilities/web-security/tests/test_jira_mcp.py passed.
• just validate completed with 0 failures.
• MCP startup smoke passed via uv run capabilities/web-security/mcp/jira.py; process stayed running until timeout as expected for stdio MCP.
• PYTHONPATH=capabilities/web-security/tools uv run pytest capabilities/web-security/tests passed: 146 passed, 7 existing warnings.
• git diff --check passed.

Known just validate warnings are pre-existing environment warnings unrelated to this change: bloodhound-enterprise runtime imports, local web-security caido-cli/Burp checks, and windows-reversing Java 17 check.