feat(registry): add SN60 Bitsec openapi, subnet-api, and data-artifact surfaces

[minion1227]

Add or update a subnet surface

This PR appends three community surfaces to exactly one subnet file —
registry/subnets/bitsec-ai.json (SN60 Bitsec) — and nothing else. Each was
generated with npm run surface:add and is live-verified as public and
no-auth. Bitsec.ai is the security/vulnerability-detection subnet; these are
its public operational endpoints, all served under the official bitsec.ai
domain (https://bitsec.ai/api/...).

Summary

• openapi — https://bitsec.ai/api/openapi.json
  Machine-readable FastAPI spec (OpenAPI 3.x, version 0.1.0, 30 paths). Fetched
  with 200 application/json; surface:add parsed it and set
  schema_status: machine-readable + schema_url. This is the canonical
  contract for the surfaces below.

• subnet-api — https://bitsec.ai/api/analytics
  Public competition-state endpoint ("Get Leaderboard Summary"). Returns the
  current round (name, phase, submissions_status, agents_submitted_count,
  winner_emissions_percentage, is_emissions_active), screening counts
  (agents_pending_evaluation, evaluated_count), agent stats, and projects.
  Verified 200 application/json, no credentials required.

• data-artifact — https://bitsec.ai/api/jobs/leaderboard
  Public per-agent leaderboard snapshot ("Leaderboard"). Returns a JSON array
  (32 rows at fetch time) of evaluated agents with agent_id, agent_version,
  score, num_completed_validators, hotkey, project_set_id, and timestamps.
  Verified 200 application/json (~9 KB), no credentials required.

Surface

• Netuid: 60
• Kind: openapi, subnet-api, data-artifact
• Public URL: https://bitsec.ai/api/openapi.json
• Source URL (proves the claim): https://bitsec.ai/ + https://bitsec.ai/api/openapi.json
  (the published OpenAPI spec independently documents both the /api/analytics
  and /api/jobs/leaderboard paths registered here)
• Provider slug: bitsec-ai

Checklist

• Changes exactly one registry/subnets/bitsec-ai.json file.
• Generated with npm run surface:add — lands authority: community and
  review.state: community-submitted.
• Every url is public and safe for read-only probes; the source_url
  (official site + the OpenAPI spec) independently proves the subnet publishes them.
• Public-safe: no auth-only flows, secrets, wallet/PAT data, private URLs,
  validator internals, or generated public/metagraph/** artifacts.
• Does not duplicate an existing Metagraphed surface (SN60 had no callable
  surface; not adapter-backed).

Validation

• npm run validate:surface -- registry/subnets/bitsec-ai.json → passed (3 surfaces, 1 file)
• npm run scan:public-safety → passed

Closes #589

[superagent-security]

Superagent didn't find any vulnerabilities or security issues in this PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.11%. Comparing base (7a7b0c3) to head (a57aea7).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1965   +/-   ##
=======================================
  Coverage   93.11%   93.11%           
=======================================
  Files          46       46           
  Lines        7319     7319           
  Branches     2694     2694           
=======================================
  Hits         6815     6815           
  Misses         90       90           
  Partials      414      414           

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[JSONbored]

Closing this, and I want to be transparent about why.

This account is permanently blocked from contributing to our repositories — for plagiarism. In JSONbored/gittensory you filed two PRs that were copies of another contributor's open work, submitted as your own to claim the credit:

• JSONbored/gittensory#1377 was an identical copy of kiannidev's JSONbored/gittensory#1376 (same source change; tests only reworded to disguise the lift), filed ~90 minutes later against the same issue.
• JSONbored/gittensory#1378 was a byte-identical copy of kiannidev's JSONbored/gittensory#1373, filed ~2 hours later against the same issue.

Lifting another contributor's diff to claim the credit is a hard line for us — two strikes, you're out. Our Code of Conduct states it plainly: plagiarism and reward-farming result in a permanent block from contributing, enforced across JSONbored/gittensory, JSONbored/metagraphed, and JSONbored/awesome-claude.

The block is on the account, not any individual PR, so this isn't a review of the change — it's enforcement of the ban. Closed and labeled slop. This decision is final.