AIML-228: Add appID and appName to VulnLight record [STACKED] (#28)

* Add appID and appName fields to VulnLight record (AIML-228)

Enables correlation of vulnerabilities to their owning applications by
including application identifiers in VulnLight objects returned by all
vulnerability listing tools.

Changes:
- Add appID and appName fields to VulnLight record with JavaDoc
- Update VulnerabilityMapper to extract application data from Trace
- Add APPLICATION expand to all vulnerability query operations
- Add unit tests for application field mapping (null and populated cases)
- Add integration test assertions verifying appID/appName presence
- All tests pass (250/250 unit + integration tests)

Benefits:
- Users can immediately identify which app owns each vulnerability
- Eliminates need to query all apps to find vulnerability ownership
- Simplifies testing and debugging of app-specific vulnerability tools
- Backwards compatible (new fields only, none removed)

Tools affected:
- list_all_vulnerabilities
- list_vulnerabilities
- list_vulns_by_app_and_metadata
- list_vulns_by_app_latest_session

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add stacked PR workflow documentation to CLAUDE.md

Documents the process for creating draft PRs that depend on unmerged PRs
(stacked branches), including:
- Identifying the base PR
- Creating draft PR with proper configuration
- Required warning message format
- Verification steps
- Example command

Triggered by phrases like "ready for stacked PR" or "ready for draft review".

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add coding standards section to CLAUDE.md

Documents Java coding conventions for the project:
- Prefer var for local variables when type is obvious
- Use isEmpty() instead of size() comparisons for collections

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add 'Promoting Stacked PR to Ready for Review' workflow to CLAUDE.md

Document the complete workflow for promoting a draft stacked PR to ready-for-review
after its base PR has been merged to main.

Includes:
- Prerequisites and validation steps
- 10-step detailed workflow (verify, rebase, push, update, test)
- Full example commands from AIML-224 experience
- Common issues and troubleshooting guidance
- User experience phrases: 'move stacked PR to ready', 'promote stacked PR', etc.

This codifies the process used successfully for PR #25 (AIML-224).

* Restructure AI Development Workflow with stacked branch clarifications

Enhanced the workflow documentation to clarify stacked branch handling
and ensure consistent high-quality PR descriptions:

- Added Workflow Overview with decision tree and label definitions
- Clarified stacked-branch label usage for branches based on PR branches
- Created shared "Creating High-Quality PR Descriptions" section
- Updated "Moving to Review" for standard PRs (pr-created + in-review labels)
- Updated "Stacked PRs" workflow (pr-created label only, draft status)
- Enhanced "Promoting Stacked PR" to add in-review label on promotion
- Emphasized human review as bottleneck requiring effortless reviews

Key improvements:
- Consistent PR description quality across both workflows
- Clear label lifecycle (pr-created vs in-review timing)
- Stacked beads must depend on parent bead
- Both workflows reference shared description format

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>

Author: ChrisEdwards