feat: add annotation/audit tools with sql.js backend

Adds MCP tools for annotation of query results and auditing of queried
codebases, as inspired by `GitHubSecurityLab/seclab-taskflow-agent`:

ref -> https://github.com/GitHubSecurityLab/seclab-taskflow-agent

Replace lowdb with sql.js (asm.js build) as the unified storage
backend. The asm.js build bundles inline with esbuild — no external
deps, no WASM binary, single self-contained JS output preserved.

Annotation & audit tools (opt-in via ENABLE_ANNOTATION_TOOLS):
- annotation_{create,get,list,update,delete,search}: general-purpose
  notes/bookmarks on any entity with SQL-backed filtering
- audit_{store_findings,list_findings,add_notes,clear_repo}: repo-keyed
  finding management for MRVA triage workflows
- Consolidated behind single ENABLE_ANNOTATION_TOOLS flag

CallGraphFromTo external predicates:
- Wire sourceFunction + targetFunction CSV handling in cli-tool-registry

Integration test fixtures:
- 3 CallGraphFromTo tests (cpp, javascript, python)
- 4 annotation tool tests (create, list, search, delete)
- 4 audit tool tests (store, list, triage notes, clear)
- 1 MRVA workflow test (6-step finding triage)
- 3 extension integration tests (opt-in gating, MRVA+annotation e2e)

Storage migration:
- SessionDataManager now uses SqliteStore instead of lowdb
- 20 new SqliteStore unit tests, all 1019 server tests passing

Author: data-douser

client/integration-tests/primitives/tools/annotation_create/basic_create/after/monitoring-state.json

@@ -0,0 +1,12 @@
+{
+  "toolName": "annotation_create",
+  "parameters": {
+    "category": "note",
+    "entityKey": "file:test/Example1.ql:L10",
+    "content": "Potential SQL injection via string concatenation",
+    "label": "sql-injection-candidate",
+    "metadata": "{\"severity\":\"high\",\"cwe\":\"CWE-89\"}"
+  },
+  "success": true,
+  "description": "Successfully created a note annotation with content, label, and structured metadata"
+}

client/integration-tests/primitives/tools/annotation_create/basic_create/before/monitoring-state.json

@@ -0,0 +1,12 @@
+{
+  "toolName": "annotation_create",
+  "parameters": {
+    "category": "note",
+    "entityKey": "file:test/Example1.ql:L10",
+    "content": "Potential SQL injection via string concatenation",
+    "label": "sql-injection-candidate",
+    "metadata": "{\"severity\":\"high\",\"cwe\":\"CWE-89\"}"
+  },
+  "expectedSuccess": true,
+  "description": "Test annotation_create tool creates a note annotation with content, label, and metadata"
+}

client/integration-tests/primitives/tools/annotation_create/basic_create/test-config.json

@@ -0,0 +1,10 @@
+{
+  "toolName": "annotation_create",
+  "arguments": {
+    "category": "note",
+    "entityKey": "file:test/Example1.ql:L10",
+    "content": "Potential SQL injection via string concatenation",
+    "label": "sql-injection-candidate",
+    "metadata": "{\"severity\":\"high\",\"cwe\":\"CWE-89\"}"
+  }
+}

client/integration-tests/primitives/tools/annotation_delete/delete_by_prefix/after/monitoring-state.json

@@ -0,0 +1,8 @@
+{
+  "toolName": "annotation_delete",
+  "parameters": {
+    "entityKeyPrefix": "file:test/"
+  },
+  "success": true,
+  "description": "Successfully deleted annotations matching the entity key prefix"
+}

client/integration-tests/primitives/tools/annotation_delete/delete_by_prefix/before/monitoring-state.json

@@ -0,0 +1,8 @@
+{
+  "toolName": "annotation_delete",
+  "parameters": {
+    "entityKeyPrefix": "file:test/"
+  },
+  "expectedSuccess": true,
+  "description": "Test annotation_delete tool deletes annotations matching an entity key prefix"
+}

client/integration-tests/primitives/tools/annotation_delete/delete_by_prefix/test-config.json

@@ -0,0 +1,6 @@
+{
+  "toolName": "annotation_delete",
+  "arguments": {
+    "entityKeyPrefix": "file:test/"
+  }
+}

client/integration-tests/primitives/tools/annotation_list/filter_by_category_and_prefix/after/monitoring-state.json

@@ -0,0 +1,10 @@
+{
+  "toolName": "annotation_list",
+  "parameters": {
+    "category": "note",
+    "entityKeyPrefix": "file:test/",
+    "limit": 10
+  },
+  "success": true,
+  "description": "Successfully listed annotations filtered by category and entity key prefix"
+}

client/integration-tests/primitives/tools/annotation_list/filter_by_category_and_prefix/before/monitoring-state.json

@@ -0,0 +1,10 @@
+{
+  "toolName": "annotation_list",
+  "parameters": {
+    "category": "note",
+    "entityKeyPrefix": "file:test/",
+    "limit": 10
+  },
+  "expectedSuccess": true,
+  "description": "Test annotation_list tool filters annotations by category and entity key prefix"
+}

client/integration-tests/primitives/tools/annotation_list/filter_by_category_and_prefix/test-config.json

@@ -0,0 +1,8 @@
+{
+  "toolName": "annotation_list",
+  "arguments": {
+    "category": "note",
+    "entityKeyPrefix": "file:test/",
+    "limit": 10
+  }
+}

client/integration-tests/primitives/tools/annotation_search/full_text_search/after/monitoring-state.json

@@ -0,0 +1,9 @@
+{
+  "toolName": "annotation_search",
+  "parameters": {
+    "query": "SQL injection",
+    "limit": 20
+  },
+  "success": true,
+  "description": "Successfully searched annotations by content text"
+}