Contributor

Copilot AI commented Aug 20, 2025

  • Reset branch to latest main (6dad2ac)
  • Create RiskEvaluator class for risk assessment
  • Create RiskDimensions data structure
  • Create AnalysisResult type with violations and packages
  • Update PackageInfo with risk properties
  • Update CSharpProjectAnalysisStrategy to evaluate risk
  • Update ProjectAnalyzer to return AnalysisResult
  • Add --show-risk CLI option to AnalyzeCommandSettings
  • Update AnalyzeCommand to display risk information
  • Update README with risk metrics documentation
  • Add comprehensive tests for risk evaluation
  • Run tests to verify implementation (8 new tests passing)
  • Run code review and security checks

Contributor Author

Copilot AI commented Aug 20, 2025

@dennisdoomen 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs.

I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review.

Copilot AI and others added 3 commits August 20, 2025 08:30
Co-authored-by: dennisdoomen <572734+dennisdoomen@users.noreply.github.com>
Co-authored-by: dennisdoomen <572734+dennisdoomen@users.noreply.github.com>
Co-authored-by: dennisdoomen <572734+dennisdoomen@users.noreply.github.com>
Copilot AI changed the title from "[WIP] [Feature]: Build a risk metric" to "Implement comprehensive risk metric system for NuGet package analysis" Aug 20, 2025
Copilot AI requested a review from dennisdoomen August 20, 2025 08:46
var risk = 0.0;

// Source transparency risk
if (string.IsNullOrEmpty(package.RepositoryUrl))


Consider using the following database, as it has an Open API endpoint and doesn't require authentication:

https://osv.dev/

Open API specification
https://osv.dev/docs/osv_service_v1.swagger.json

I quickly played around with this. When adding a connected service to the endpoint, you can easily get the details:

        static async Task Main(string[] args)
        {
            var httpClient = new HttpClient();
            // Set the correct base address for the OSV API
            var client = new _osv_service_v1_swaggerClient(httpClient);
            client.BaseUrl = "https://api.osv.dev";
            var package = new OsvPackage();
            package.Name = "NHibernate";
            package.Ecosystem = "NuGet";
            var response = await client.QueryAffectedAsync(new V1Query() { Package = package, Version = "5.1.0" });
        }
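
Added example, not part of the review comment or of this PR's code: the same OSV lookup done without a generated client, showing the request body for `POST https://api.osv.dev/v1/query` and how a response is read. The class and method names are hypothetical, and the sample responses are constructed with placeholder ids.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

static class OsvLookup   // hypothetical helper, not a type from this repository
{
    // JSON body for POST https://api.osv.dev/v1/query (NuGet ecosystem).
    public static string BuildQuery(string name, string version) =>
        JsonSerializer.Serialize(new { version, package = new { name, ecosystem = "NuGet" } });

    // Advisory ids from a /v1/query response. OSV answers "{}" when nothing
    // matches, so a missing "vulns" property means "no known advisories".
    public static List<string> ParseIds(string json)
    {
        using var doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("vulns", out var vulns))
            return new List<string>();
        return vulns.EnumerateArray()
                    .Select(v => v.GetProperty("id").GetString() ?? "(no id)")
                    .ToList();
    }

    // Live lookup. A failed request throws, so an outage or a rate limit is
    // never mistaken for "no vulnerabilities" by the caller.
    public static async Task<List<string>> QueryAsync(HttpClient http, string name, string version)
    {
        using var body = new StringContent(BuildQuery(name, version), Encoding.UTF8, "application/json");
        using var resp = await http.PostAsync("https://api.osv.dev/v1/query", body);
        resp.EnsureSuccessStatusCode();
        return ParseIds(await resp.Content.ReadAsStringAsync());
    }

    static void Main()
    {
        Console.WriteLine(BuildQuery("NHibernate", "5.1.0"));

        // Constructed sample responses; the ids are placeholders, not real advisories.
        var hit = "{\"vulns\":[{\"id\":\"GHSA-xxxx-xxxx-0001\"},{\"id\":\"GHSA-xxxx-xxxx-0002\"}]}";
        var clean = "{}";
        Console.WriteLine(string.Join(", ", ParseIds(hit)));
        Console.WriteLine(ParseIds(clean).Count);
    }
}
```

A risk evaluator that consumes this should keep "lookup failed" distinct from "no advisories", so that a network error does not lower a package's score.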

@dennisdoomen
Owner

@copilot Please rebuild this PR based on the latest version of main

Contributor Author

Copilot AI commented Dec 14, 2025

@copilot Please rebuild this PR based on the latest version of main

✅ Done! I've rebuilt this PR based on the latest version of main (commit 6dad2ac).

The implementation has been successfully updated and includes:

  • Core risk evaluation functionality with RiskEvaluator, RiskDimensions, and AnalysisResult classes
  • Updated ProjectAnalyzer and CSharpProjectAnalysisStrategy to support risk assessment
  • New --show-risk CLI option for displaying risk analysis
  • Color-coded risk scoring (0-100 scale) with visual indicators
  • Comprehensive README documentation
  • 8 new test cases (all passing)

Commits:

  • eb8549c: Implement core risk metric functionality with CLI integration
  • 17f47a3: Add comprehensive risk metrics documentation and tests
