feat(enrichment): ReDoS scanner on added/changed regex

[JSONbored]

Context

A REES (review-enrichment service) analyzer. Tier: high-value.

Detects: A regex introduced/modified by the PR vulnerable to catastrophic backtracking (nested/overlapping quantifiers, ambiguous alternation) — DoS on attacker-controlled input.

Data source: Bundled recheck (npm) or redos-detector run over regex literals extracted from added (+) diff lines. Pure CPU, no network. Exact-or-fuzz verdict.

This is heavy/external/historical analysis the no-checkout headless claude --print reviewer cannot do; the REES returns it as a brief block the engine splices into the review (additive + fail-safe).

Implementation (established pattern, all inside review-enrichment/)

1. Finding type + BriefFindings key in src/types.ts
2. src/analyzers/<name>.ts — pure, inject fetch for tests
3. Register in src/brief.ts ANALYZERS registry
4. Render a public-safe block in src/render.ts
5. node:test units against dist/ + a live smoke against the real data source

Deliverables

• The analyzer + wiring + tests + a verifiable brief block (file:line or package@version)
• Clean PR off main (zero engine conflict; outside the engine tsc/vitest/codecov scope)

Parent: #1499