feat: Walk phase - observability, scanning, contract tests, and CI improvements

[sanghinitin]

Description

Walk phase of the Crawl→Walk→Run AI-assisted development track for knife-ec-backup. This PR adds observability hooks, security scanning, contract tests, a micro-optimization, and CI improvements.

Key Changes

Area	What
Observability	emit_operation_metric in ec_base.rb emits structured JSON (event, command, duration, error_count) to STDERR on completion
Performance	Frozen VERSION_* constants in Chef::Server — 1.3× speedup, 99.7% fewer allocations in version checks
Contract Tests	Golden-file schema tests for EcErrorHandler output (10 assertions across 4 error types)
Security Scanning	bundler-audit integrated as CI job; .bundler-audit.yml ignore list for 21 transitive CVEs
CI	Coverage summary posted to $GITHUB_STEP_SUMMARY; Mermaid lint job validates diagrams
Docs	Mermaid sequence diagrams for backup/restore/key-export flows; expanded CONTRIBUTING.md
Dependencies	Sequel 5.98→5.104; added simplecov_json_formatter

This work was completed with AI assistance following Progress AI policies.

Related Issue

N/A — part of the AI-assisted development learning track.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Review Focus

• lib/chef/knife/ec_base.rb — emit_operation_metric writes to STDERR; confirm it won't interfere with knife JSON output on STDOUT
• lib/chef/server.rb — frozen constants are used in place of Gem::Version.new; verify no downstream code mutates these
• .github/workflows/build.yml — new audit and mermaid-lint jobs; confirm they don't block the main spec job
• spec/chef/knife/ec_error_handler_contract_spec.rb — golden-file approach; review schema fixture for completeness
• .bundler-audit.yml — 21 ignored CVEs are all transitive via chef ~> 18; confirm acceptable risk

Verification Steps

# Run full test suite
bundle exec rspec spec/

# Run contract tests specifically
bundle exec rspec spec/chef/knife/ec_error_handler_contract_spec.rb

# Run security audit
bundle exec rake audit

# Validate Mermaid diagrams
npx @mermaid-js/mermaid-cli -i ai-track-docs/architecture.mmd -o /dev/null

# Check metrics emission (observe STDERR JSON)
bundle exec knife ec backup /tmp/test-backup --help 2>&1 | head -5

Checklist

• I have read the CONTRIBUTING document
• I have added tests to cover my changes
• All new and existing tests passed (140 examples, 0 failures, 65% line coverage)