feat(state-hub): v0.3 registration workflow + ingest-sbom + CLAUDE.md template update

- scripts/ingest_sbom.py: lockfile parser + API poster for uv.lock, requirements.txt,
  package-lock.json, yarn.lock, Cargo.lock; auto-detects from repo root
- Makefile: make ingest-sbom REPO=<slug> [LOCKFILE=<path>] target
- scripts/register_project.sh: adds {REPO_SLUG} template substitution + optional
  SBOM ingest prompt at end of registration (non-fatal if venv not ready)
- scripts/project_claude_md.template: adds Contribution Tracking + SBOM sections
  documenting register_contribution(), update_contribution_status(), ingest-sbom,
  and the contrib/ directory layout
- workplans/CUST-WP-0002: all 15 tasks → done, status → completed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

workplans/CUST-WP-0002-contribution-tracking-sbom.md

@@ -3,7 +3,7 @@ id: CUST-WP-0002
 type: workplan
 title: "State Hub v0.3 — Contribution Tracking & SBOM"
 domain: custodian
-status: active
+status: completed
 owner: custodian
 topic_slug: custodian
 state_hub_workstream_id: 2446400d-6d01-4679-a314-92af0601c608
@@ -47,7 +47,7 @@ Three interconnected layers:
 ```task
 id: CUST-WP-0002-T01
 state_hub_task_id: c2d7df02-5f37-4c02-a418-fe7ab0050edc
-status: todo
+status: done
 priority: high
 ```
 
@@ -61,7 +61,7 @@ relationship to state-hub. Authoritative reference for other repos.
 ```task
 id: CUST-WP-0002-T02
 state_hub_task_id: 5ef89639-950c-4d57-9578-6d0211edc2df
-status: todo
+status: done
 priority: high
 ```
 
@@ -75,7 +75,7 @@ prose skeleton.
 ```task
 id: CUST-WP-0002-T03
 state_hub_task_id: e8251873-647c-4a4b-b283-298260b19c22
-status: todo
+status: done
 priority: medium
 ```
 
@@ -89,7 +89,7 @@ Status: draft.
 ```task
 id: CUST-WP-0002-T04
 state_hub_task_id: 1c982457-de52-4fc1-a439-3bf3120bb5b6
-status: todo
+status: done
 priority: low
 ```
 
@@ -104,7 +104,7 @@ proper instance of the custodian master spec, not a parallel one.
 ```task
 id: CUST-WP-0002-T05
 state_hub_task_id: c41d71bd-dc88-4201-bd9a-3f8a4eae4910
-status: todo
+status: done
 priority: high
 ```
 
@@ -120,7 +120,7 @@ created_at, updated_at. Alembic migration.
 ```task
 id: CUST-WP-0002-T06
 state_hub_task_id: 28c9bd38-05d8-4466-bff3-3ba4e3957635
-status: todo
+status: done
 priority: high
 ```
 
@@ -142,7 +142,7 @@ Prerequisite: v0.5 P2.1 (managed_repos table) must be complete.
 ```task
 id: CUST-WP-0002-T07
 state_hub_task_id: ee1cd17c-6dbd-4321-bb72-4499147c4837
-status: todo
+status: done
 priority: high
 ```
 
@@ -157,7 +157,7 @@ delete (sets status=withdrawn). Schemas: `ContributionCreate`,
 ```task
 id: CUST-WP-0002-T08
 state_hub_task_id: 25f7ab5c-69d8-41d7-a108-38380eb1f3a9
-status: todo
+status: done
 priority: high
 ```
 
@@ -180,7 +180,7 @@ be complete.
 ```task
 id: CUST-WP-0002-T09
 state_hub_task_id: edcf9b02-8177-4abc-b133-d303cc7ea19d
-status: todo
+status: done
 priority: medium
 ```
 
@@ -196,7 +196,7 @@ normalised list; POSTs to `/sbom/ingest/`. Makefile target:
 ```task
 id: CUST-WP-0002-T10
 state_hub_task_id: 51b2999b-a9c7-4871-8ef8-f5c927ac2454
-status: todo
+status: done
 priority: high
 ```
 
@@ -212,7 +212,7 @@ priority: high
 ```task
 id: CUST-WP-0002-T11
 state_hub_task_id: 20c5c2ae-7758-42cc-885c-a886957e44c2
-status: todo
+status: done
 priority: high
 ```
 
@@ -232,7 +232,7 @@ must be complete.
 ```task
 id: CUST-WP-0002-T12
 state_hub_task_id: 1eb13411-b2da-4d0d-8fe2-e926d029c50f
-status: todo
+status: done
 priority: medium
 ```
 
@@ -247,7 +247,7 @@ selector as decisions page). Apply `injectTocTop` for page-level KPI.
 ```task
 id: CUST-WP-0002-T13
 state_hub_task_id: 1267f313-1bf3-4059-8276-bfefcd9f6aed
-status: todo
+status: done
 priority: medium
 ```
 
@@ -262,7 +262,7 @@ drill-down accordion. Register in `observablehq.config.js`.
 ```task
 id: CUST-WP-0002-T14
 state_hub_task_id: abab0022-d3a4-45ef-a7e1-e0e7c05d295f
-status: todo
+status: done
 priority: low
 ```
 
@@ -277,7 +277,7 @@ otherwise). Uses `/state/summary` fields added in P2.3 and P2.4.
 ```task
 id: CUST-WP-0002-T15
 state_hub_task_id: 47987720-23db-4465-861b-1f93bb1bb391
-status: todo
+status: done
 priority: low
 ```