Commit a6d7eed

docs: update CVE tracker — fix counts, add 50 new CVEs, archive resolved (#148)
- Fix summary counts (were inflated since inception: 51 → 84 actual)
- Partial defense count corrected from 2 → 1 (both were upgraded to full)
- Add 50 newly discovered CVEs from NVD + GitHub Security Advisories
- Assess defense coverage for all new entries
- Archive 24 resolved CVEs (Full + Patched) to cve-tracker-archive.md
- Add cve-reference.md as flat lookup table
- Remove unrelated CVEs (LangChain, LibreChat)
- Upgrade CVE-2026-33946 (None → Full: MCP gateway catches hijacked sessions)
- Upgrade CVE-2026-33980 (None → Partial: Crust sees tool call args)
- Consolidate triage entries into main product sections
- Update README.md CVE count (51 → 84)
1 parent 450865e commit a6d7eed

4 files changed

Lines changed: 315 additions & 64 deletions


README.md

Lines changed: 1 addition & 1 deletion
@@ -244,7 +244,7 @@ Crust ships with **41 security rules** (38 locked, 3 user-disablable) and **51 D
244244

245245
All rules are open source: [`internal/rules/builtin/security.yaml`](internal/rules/builtin/security.yaml) (path rules), [`internal/rules/dlp.go`](internal/rules/dlp.go) (DLP patterns), and [`internal/rules/dlp_crypto.go`](internal/rules/dlp_crypto.go) (crypto key detection)
246246

247-
These defenses are validated against [**51 real-world CVEs**](docs/cve-tracker.md) affecting Cursor, GitHub Copilot, Claude Code, OpenAI Codex CLI, and other AI agents — including prompt injection, config hijacking, env var poisoning, and token exfiltration attacks.
247+
These defenses are validated against [**84 real-world CVEs**](docs/cve-tracker.md) affecting Cursor, GitHub Copilot, Claude Code, OpenAI Codex CLI, and other AI agents — including prompt injection, config hijacking, env var poisoning, and token exfiltration attacks.
248248

249249
### Custom Rules
250250
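
Review bot: On the changed line 247, "validated against 84 real-world CVEs" reads as if Crust defends against all 84, but the commit message describes per-entry coverage levels (None, Partial, Full) and moves 24 resolved entries to cve-tracker-archive.md, so the linked docs/cve-tracker.md may neither list 84 entries nor show a working defense for each. Consider wording such as "tracked against 84 real-world CVEs" with a pointer to the coverage breakdown, and link the archive next to the tracker so the number can be checked by a reader. Because the commit message says this count was wrong since inception, a CI check that compares the hardcoded README number with the entry count in the tracker files would stop it from drifting again.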
