fix: Binary Scan Findings dropdown renders versions that didn't have vulnerabilities

[tonedefdev]

This pull request includes documentation improvements, workflow clarifications, and a bugfix for the Registry Explorer's provider scan findings dropdown. The most significant change is that versions scanned clean (with no security findings) are now excluded from the UI dropdown, ensuring only versions with actual findings are displayed. The PR also updates agent policies and handoff instructions, and documents the bundled Valkey stats store in the architecture.

Bugfixes and Tests:

• The Registry Explorer UI now excludes provider versions that have been scanned and found clean (i.e., no security findings) from the scan findings dropdown. Only versions with at least one finding are listed, improving clarity for users. Unit tests were added to verify this behavior. [1] [2]

Documentation Updates:

• The architecture documentation now describes the bundled Valkey stats store, including deployment details, persistence options, authentication, and configuration references. [1] [2]
• Clarified the server's responsibilities to include recording download events in Valkey.

Agent and Workflow Policy Updates:

• Updated Developer and UI Developer agent instructions to clarify the use of plan.md, handoff steps, and acceptance criteria. Removed redundant or overly strict e2e and Playwright test policies and updated handoff flows to involve the user more directly before code review. [1] [2] [3] [4] [5] [6] [7] [8]

Other Minor Changes:

• Bumped the Helm chart and app version to 0.6.1.
• Fixed a typo in a server code comment ("recognised" → "recognized").
• Minor whitespace and code style cleanups in server files for consistency. [1] [2]