feat(sbom): add custodian ingest-sbom + fix help button target

custodian_cli.py:
- new ingest-sbom subcommand: auto-detects repo slug from local_path
  registration, runs ingest_sbom.py --scan from the repo root
- --dry-run flag passes through to the underlying script
- --slug override for repos where path lookup fails

repos.md:
- ? button on "⚠ not ingested" now opens /docs/sbom (not /docs/repos)

docs/sbom.md:
- Ingest commands section now leads with `custodian ingest-sbom` (repo-root)
- make ingest-sbom kept as low-level alternative
- Per-ecosystem and gap-type references updated to new command

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

dashboard/src/repos.md

@@ -143,7 +143,7 @@ display(html`<div class="kpi-row">
 // Returns a new "⚠ not ingested" span with a ? help button each time it's called.
 function _sbomGap() {
   const el = html`<span class="sbom-warn sbom-gap-hint">⚠ not ingested</span>`;
-  withDocHelp(el, "/docs/repos");
+  withDocHelp(el, "/docs/sbom");
   return el;
 }