Expand source-aware testing support

We already ship a strong set of tools and workflows for dynamic testing (DAST-style recon/scanning), but Strix needs better coverage for source-aware / SAST-style testing. Add more SAST tooling + better agent prompts/skills/playbooks so scans are meaningfully stronger when source code is available.