feat: PTSZI graph risk model (W formula)

[velvetway]

Summary

Replaces the ad-hoc Impact × Likelihood heuristic with a formal PTSZI model:

S (источник) → ST (угроза) → VL (уязвимое звено) → DA (деструктивное действие)
                                    ▲
                                   └─ controls (asset_controls)

Formula: W_i = (Q^threat + q^severity + (1 - Q^reaction)) / 3 · Z, где Z ∈ {0.5, 0.75, 1.0} — коэффициент контура.

What changed

• DB (migrations 007-010): 2 dictionary tables (threat_sources, destructive_actions), 4 junction tables, 2 new columns on threats (q_threat, q_severity) + heuristic seed edges.
• Go domain: ThreatSource, DestructiveAction, AttackPath, VLNode, ControlCoverage.
• Repositories: ThreatSourceRepository, DestructiveActionRepository, RiskGraphRepository with a CTE-based JSON-aggregation SQL for VL coverage.
• Service: new Service.AssembleAttackPath, ListThreatSources, ListDestructiveActions. Overview rewritten to use W while keeping legacy impact/likelihood/score for back-compat with the matrix UI.
• Calculator v2: CalculateW, LevelFromW, QReactionFromVLs, ZFromAsset with 14 new unit tests, all green; no regression in 15 existing risk tests.
• API (3 new):
  • GET /api/risk/graph/:asset_id/:threat_id
  • GET /api/threat-sources
  • GET /api/destructive-actions
• Frontend: d3-sankey component + RiskGraphPage with 5-stat breakdown (W, Q^th, q^sev, Q^re, Z). Click any dot on the risk matrix → opens the attack path.
• Docs: docs/risk-model.md with full formula explanation, linked from README.

Test plan

• go test ./internal/service/... ./internal/domain/... -count=1 — all pass
• CI=true npm run build in frontend/ — compiles clean
• curl /api/threat-sources returns 4 rows
• curl /api/destructive-actions returns 7 rows
• curl /api/risk/graph/1/1 returns JSON with w, q_threat, level
• Risk matrix click-through opens Sankey graph
• W formula components match spec: (Q^threat + q + (1-Q^reaction))/3 * Z

🤖 Generated with Claude Code