feat: add optional CSV export for findings and warnings

[stacknil]

Closes #23

Summary

• add an explicit --csv CLI option for optional CSV export
• emit findings.csv and warnings.csv only when CSV is explicitly requested
• add single-host and multi-host CSV golden regression coverage
• add a minimal .gitattributes guardrail so core text files are normalized to LF in the repository

Scope

This PR is limited to report and output-format behavior.
It does not change parser behavior, detector thresholds, enrichment, cross-host correlation, or existing Markdown/JSON report semantics.
This is a report-only change; no detector thresholds changed.

What changed

• added --csv as an explicit CLI flag
• added stable CSV writers for findings and warnings
• kept the CSV schema intentionally small and reviewable
• added checked-in golden findings.csv and warnings.csv fixtures for one single-host and one multi-host sanitized case
• updated CLI and report-contract regression tests to cover both default no-CSV behavior and explicit CSV output
• updated README and CHANGELOG briefly to document the new optional export
• added .gitattributes to reduce future LF/CRLF drift for shared text files

CSV schema

findings.csv

• rule
• subject_kind
• subject
• event_count
• window_start
• window_end
• usernames
• summary

warnings.csv

• kind
• message

Verification

• confirmed src/main.cpp, src/report.cpp, and tests/test_report_contracts.cpp are normal multiline text files locally
• cmake --preset dev-debug
• cmake --build --preset dev-debug
• ctest --preset dev-debug
• cmake --preset ci-release
• cmake --build --preset ci-release
• ctest --preset ci-release

Deferred

• host-summary CSV export
• additional CSV fields beyond the minimal findings and warnings contracts
• any parser-family, detector-policy, enrichment, or cross-host-correlation changes

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c5c43718b7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid deleting existing CSV outputs by default

When --csv is not passed, write_reports now unconditionally calls std::filesystem::remove on findings.csv and warnings.csv. This turns a read/overwrite-only run into a destructive operation: a normal invocation (especially with the default output directory of the current working directory) can delete pre-existing files that were not created by this run, and can also fail on permission errors for those stale files even though CSV export was not requested.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.